Research On The Advanced Fuzzing Technology For Automatic Software Vulnerability Detection

Posted on: 2021-07-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J X Ye
Full Text: PDF
GTID: 1486306548492654
Subject: Army commanding learn

Abstract/Summary:
Software is an important part of the Internet ecosystem. However, improper design and development errors give rise to various software vulnerabilities, which pose serious risks to software security and even to Internet security. These not only threaten personal privacy and property, but also pose a major threat to national strategic security. Detecting such hazards with automated methods and applying timely protection is necessary to keep systems running safely and stably. Research on automatic software vulnerability detection therefore has high academic value and practical significance.

Fuzz testing (fuzzing) is a widely used technology for automatic software vulnerability detection. Since its introduction, industry and academia have researched it extensively, producing many advanced and effective fuzzing methods and corresponding tools. Fuzz testing has by now discovered a large number of vulnerabilities in real software and is one of the most important research directions in automated vulnerability detection.

The thesis focuses on the key technologies of fuzz testing. It first surveys the state of fuzz testing research, analyses its fundamental problems in depth, and constructs the test architecture and operating process of advanced fuzz testing. The work is then carried out from four aspects: improving code coverage, improving directed testing capability, improving vulnerability detection capability, and improving parallel testing capability, and corresponding technical improvements are proposed for each. The main work and innovations of the thesis are as follows:

1. Aiming at the problem that random mutation cannot effectively break through complex path constraints, a path breakthrough method is proposed based on the mapping relationship between test cases and the parameters of comparison instructions. The question of how to improve code coverage is first translated into a specific test case search question. Then, according to the mapping between test cases and instruction parameter values, differential inference is used to identify key fields and build a smaller search range, and two heuristic search strategies driven by feedback on the comparison instruction parameter values are designed to accelerate the search. In addition, program transformation and instrumentation are used to optimise the implementation, broadening the technique's applicability and improving overall testing efficiency. Experimental results show that the method effectively improves code coverage and, as a result, vulnerability detection.

2. Aiming at the slow convergence of current directed fuzz testing, a multi-attribute based test method is proposed. Experimental analysis of current directed fuzzers shows that, because they perceive the progress of directed fuzzing poorly, test case generation is largely random and directed testing converges slowly. The method therefore first proposes two attribute calculations that characterise how much a test case promotes directed testing. An elite-strategy based mutation method is then proposed: by labelling the attribute-related fields and protecting them from being destroyed during mutation, descendant test cases are highly likely to inherit the elite attributes of their parents and so contribute more to directed testing. In addition, a test energy allocation strategy assigns higher test energy to these high-quality descendants. Experimental results show that the method effectively improves test case generation and speeds up convergence in directed testing.

3. Aiming at false negatives in vulnerability detection during fuzz testing, a method is proposed that improves detection through a search driven by vulnerability triggering conditions. It searches the already-tested code region for specific vulnerability types and can therefore detect some otherwise unreported vulnerabilities. Static analysis is first used to extract features of the vulnerability's triggering conditions; the tested code is then tested in depth to generate special inputs that both reach the vulnerable code and satisfy the triggering conditions, so that some unreported bugs are found. For two specific kinds of triggering condition, numerical-constraint based and heap-operation-sequence-constraint based testing methods are proposed. Experimental results show that the method effectively improves vulnerability detection ability.

4. Aiming at the high synchronization overhead and the excessive proportion of repeated testing in current parallel fuzz testing, an intelligent parallel method based on status awareness is proposed. The method first proposes an on-demand synchronization strategy based on a master/slave structure to reduce redundant synchronization and thus performance overhead. Second, a cluster-based scheduling of survey points enlarges the difference between the tasks of the parallel nodes, and a trace-sensitive mutation method controls the actual test range of each node. Experimental results show that the parallel framework's performance is positively related to the number of parallel nodes and that, for the same number of nodes, its testing performance stably outperforms three current parallel fuzz testing engines.
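As an added illustration of the first contribution (not code from the thesis), the following Python toy reproduces the idea on a constructed target: every comparison instruction reports both of its operands, flipping each input byte and watching which comparison's left operand changes identifies the key fields (differential inference), and the right operand is then written into those fields in both byte orders as a heuristic search step. The target program, its instrumentation hook and the magic values 0x4D5A9000 and 1337 are all constructed for the example.

```python
def target(data: bytes, cmps: list) -> str:
    """Constructed program under test; cmps logs (lhs, rhs) of each compare reached."""
    magic = int.from_bytes(data[0:4], "big")
    cmps.append((magic, 0x4D5A9000))  # instrumentation hook on the compare
    if magic != 0x4D5A9000:
        return "bad-magic"  # blind mutation passes this with ~2^-32 probability
    length = int.from_bytes(data[4:8], "little")
    cmps.append((length, 1337))
    if length != 1337:
        return "bad-length"
    return "deep-path"

def run(data: bytes):
    cmps: list = []
    return target(data, cmps), cmps

def infer_key_fields(seed: bytes, cmp_index: int) -> list:
    """Differential inference: byte i is a key field if flipping it changes the lhs."""
    base_lhs = run(seed)[1][cmp_index][0]
    key = []
    for i in range(len(seed)):
        mutated = bytearray(seed); mutated[i] ^= 0xFF
        ops = run(bytes(mutated))[1]
        if len(ops) > cmp_index and ops[cmp_index][0] != base_lhs:
            key.append(i)
    return key

def satisfy_cmp(seed: bytes, cmp_index: int):
    """Heuristic search: copy the rhs operand into the key fields, trying both byte orders."""
    rhs = run(seed)[1][cmp_index][1]
    key = infer_key_fields(seed, cmp_index)
    if not key or rhs >= 256 ** len(key):
        return None
    for order in ("big", "little"):
        cand = bytearray(seed)
        for pos, byte in zip(key, rhs.to_bytes(len(key), order)):
            cand[pos] = byte
        ops = run(bytes(cand))[1]
        if len(ops) > cmp_index and ops[cmp_index][0] == ops[cmp_index][1]:
            return bytes(cand)
    return None

def breakthrough(seed: bytes, max_steps: int = 8):
    """Solve the first unsatisfied compare, re-run, repeat until nothing blocks the path."""
    cur = seed
    for _ in range(max_steps):
        ops = run(cur)[1]
        blocker = next((i for i, (a, b) in enumerate(ops) if a != b), None)
        nxt = satisfy_cmp(cur, blocker) if blocker is not None else None
        if nxt is None:
            break  # either done, or the key fields cannot be inferred by byte flips
        cur = nxt
    return run(cur)[0], cur
```

Starting from an all-zero 16-byte seed, `breakthrough` reaches `"deep-path"` in two solved comparisons, whereas a purely random mutator would have to guess a 32-bit magic and a 32-bit length independently.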
Keywords/Search Tags: Software Security, Software Testing, Vulnerability Discovery, Fuzz Testing