
Research And Implementation Of Code Branch Detection Algorithm In Software Fuzz

Posted on: 2020-02-21
Degree: Master
Type: Thesis
Country: China
Candidate: P Zhou
Full Text: PDF
GTID: 2428330575457057
Subject: Computer technology
Abstract/Summary:
With the continued growth of Internet technology, computer systems carry ever more data, so their security is becoming increasingly important. Software vulnerabilities are one of the main threats to the security of computer information systems: through them an attacker can gain unauthorized access to a system and modify it. Although code security testing is applied at every stage of software development, many factors mean that program vulnerabilities cannot be avoided entirely. Common vulnerability classes in binary programs are buffer overflows, format string bugs, integer overflows, out-of-bounds reads and writes, race conditions and logic flaws. These differ in their root cause and in how they are exploited, but for memory-corruption bugs the ultimate goal of an exploit is to control the program's instruction pointer (the EIP register on 32-bit x86).

Fuzz testing is one of the most important methods for finding software vulnerabilities. The representative fuzzing tool today is AFL, which uses the program branch information fed back by code instrumentation to screen seeds, greatly improving the efficiency of seed mutation. Although AFL combines a seed mutation algorithm with the program instrumentation technology now widely used in industry, it remains weak at getting past input-validation code in the target program (branches guarded by comparisons against specific values). To address this, researchers have tried to introduce dynamic symbolic execution into fuzz testing, but that approach is in turn limited by other factors, such as path explosion, complex dependencies on the execution environment and low efficiency.

The aim of this thesis is to solve the difficulties of applying symbolic execution in fuzz testing. It proposes a novel code branch detection algorithm based on symbolic execution and designs a fuzz testing system on top of it. Based on the characteristics of the symbolic execution engine, a state cutting technique based on data flow and a state tracking algorithm based on a mirror seed tree are proposed. First, the execution state of the program is cut according to fragments of the input stream; then a mirror seed tree recording traceable state dependencies is built; finally, fast recovery of the running environment is achieved. In addition, from the point of view of software optimization, a library function emulation technique is proposed that substantially speeds up library function calls and thereby the symbolic execution emulator subsystem.

Finally, a prototype test system, SymbolFuzz, is implemented and evaluated on 10 test programs of different kinds taken from public CTF competitions. The results are compared with AFL in terms of code coverage, number of vulnerabilities found and average time to find a vulnerability. Compared with AFL, SymbolFuzz achieves higher code coverage and finds more vulnerabilities in less time, which verifies the effectiveness and feasibility of the design ideas in this thesis.
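The following is an added illustration, not code from the thesis or from SymbolFuzz, of the problem the abstract describes: an AFL-style loop that keeps an input only when it reaches a new edge cannot get past a multi-byte validation check by random mutation, whereas a branch-solving step that reads the comparison the check performs and substitutes its constant reaches the guarded code in a handful of executions. The target program, its magic value (MAGIC), its flag byte (FLAG), the edge bookkeeping and the toy solver are all constructed for this example; a real symbolic execution engine collects path constraints and asks an SMT solver rather than copying constants into the input.

```python
import random

# Constructed toy target: a parser that validates a 4-byte magic and a flag
# byte before reaching a buggy region. Both checks are single multi-byte
# comparisons, the kind random byte mutation almost never satisfies.
MAGIC = b"FUZZ"   # assumed magic value, chosen for this example
FLAG = b"\x7f"    # assumed second validation constant


class Trace:
    """One execution's record: AFL-style edge coverage plus observed comparisons."""

    def __init__(self):
        # AFL hashes (prev_loc, cur_loc) into a bitmap; a set of pairs is equivalent here
        self.edges = set()
        self.prev_loc = 0
        self.cmps = []   # (input offset, constant) for each input-vs-constant comparison

    def branch(self, loc):
        self.edges.add((self.prev_loc, loc))
        self.prev_loc = loc

    def cmp(self, data, off, const):
        """Instrumented comparison of input bytes against a constant."""
        self.cmps.append((off, const))
        return data[off:off + len(const)] == const


def target(data, t):
    """Returns True when the bug site behind both validation checks is reached."""
    t.branch(1)
    if not t.cmp(data, 0, MAGIC):
        t.branch(10)          # reject: bad magic
        return False
    t.branch(2)
    if not t.cmp(data, 4, FLAG):
        t.branch(20)          # reject: bad flag
        return False
    t.branch(3)               # bug site ("crash")
    return True


def run(data):
    t = Trace()
    return t, target(data, t)


def mutate(rng, data):
    """AFL-like havoc stage: overwrite one to four random bytes."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 4)):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


def solve_untaken(parent, trace):
    """Toy branch solver: every recorded comparison says which bytes to set so
    the other side of that check is taken. Real symbolic execution would collect
    path constraints and query an SMT solver instead of substituting constants."""
    out = []
    for off, const in trace.cmps:
        buf = bytearray(parent)
        if len(buf) < off + len(const):
            buf.extend(b"\0" * (off + len(const) - len(buf)))
        buf[off:off + len(const)] = const
        out.append(bytes(buf))
    return out


def fuzz(seed, budget, use_solver, rng_seed=1):
    """Coverage-guided loop. Returns (executions until the bug is hit or None, corpus size).
    New edge coverage is the only criterion for keeping an input, as in AFL;
    with use_solver=True every new seed is also handed to solve_untaken."""
    rng = random.Random(rng_seed)
    t, _ = run(seed)
    seen = set(t.edges)
    corpus, pending, execs = [seed], [(seed, t)], 1
    while execs < budget:
        if use_solver and pending:
            parent, ptrace = pending.pop()
            cands = solve_untaken(parent, ptrace)
        else:
            cands = [mutate(rng, rng.choice(corpus))]
        for cand in cands:
            t, crashed = run(cand)
            execs += 1
            if crashed:
                return execs, len(corpus)
            if not t.edges <= seen:        # new edge -> keep as a seed
                seen |= t.edges
                corpus.append(cand)
                pending.append((cand, t))
    return None, len(corpus)


if __name__ == "__main__":
    seed = bytes(8)
    print("mutation only:", fuzz(seed, 20000, use_solver=False))
    print("with solver:  ", fuzz(seed, 20000, use_solver=True))
```

With mutation alone the corpus never grows, because no new edge is reachable until all four magic bytes match at once; with the solver the first solved input passes the magic check and is kept as a new seed, and solving its trace in turn produces the input that reaches the bug site.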
Keywords/Search Tags: fuzz testing, code branch, symbolic execution, vulnerability