Acta Electronica Sinica ›› 2014, Vol. 42 ›› Issue (10): 2016-2023. DOI: 10.3969/j.issn.0372-2112.2014.10.023

• Academic Paper •

EWFT: A Whitebox Testing Tool Based on the Program Execution Process

王颖1, 谷利泽1, 杨义先1, 董宇欣2   

  1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China;
  2. Harbin Engineering University, Harbin 150001, Heilongjiang, China
  • Received: 2013-06-30 Revised: 2013-12-17 Published: 2014-10-25
  • About the authors:
  • WANG Ying, female, born in Changchun, Jilin, in 1978; Ph.D. candidate; main research interests: network and information security. E-mail: boblee2002@163.com; GU Li-ze, male, born in Yingkou, Liaoning, in 1965; associate professor at Beijing University of Posts and Telecommunications; main research interests: modern cryptography and its applications; YANG Yi-xian, male, born in Yanting, Sichuan, in 1961; professor and doctoral supervisor at Beijing University of Posts and Telecommunications; main research interests: modern cryptography, network and information security; DONG Yu-xin, female, born in Heilongjiang in 1974; associate professor at Harbin Engineering University, Ph.D. in engineering; main research interests: social networks, trust evolution, intelligent information processing.
  • Supported by:
  • National Natural Science Foundation of China (No.61003285, No.61121061); Fundamental Research Funds for the Central Universities (No.2012RC0218, No.2012RC0219, No.2013RC0311)

EWFT:Execution-based Whitebox Fuzzing for Executables

WANG Ying1, GU Li-ze1, YANG Yi-xian1, DONG Yu-xin2   

  1. Information Security Center, School of Computer, Beijing University of Posts and Telecommunications, Beijing 100876, China;
  2. Harbin Engineering University, Harbin 150001, China
  • Received: 2013-06-30 Revised: 2013-12-17 Online: 2014-10-25 Published: 2014-10-25
    • Supported by:
    • National Natural Science Foundation of China (No.61003285, No.61121061); Fundamental Research Funds for the Central Universities (No.2012RC0218, No.2012RC0219, No.2013RC0311)

Abstract:

Applying dynamic testing techniques to detect vulnerabilities in binary programs is a current research focus in the field of vulnerability discovery. Building on dynamic analysis techniques such as dynamic symbolic execution and taint analysis, this paper proposes a method for constructing a symbolic model of the program's path space, designs the PWA (Path Weight Analysis) coverage testing algorithm, and implements the EWFT (Execution-based Whitebox Fuzzing Tool) prototype. Experimental results show that EWFT improves test coverage of the program execution space and the depth of path testing, and, compared with similar testing tools internationally, detects multiple types of program vulnerabilities in different software more effectively.

Key words: dynamic testing, software vulnerability analysis, test case generation, compressed storage

Abstract:

Dynamic testing for automatically identifying security vulnerabilities in binary executables has received increasing interest in recent years. In this paper, we present a new automated whitebox fuzzing tool, EWFT (Execution-based Whitebox Fuzzing Tool), which implements dynamic symbolic execution and taint tracing techniques during program execution. Our contributions are: 1) we propose a ROBDD (Reduced Ordered Binary Decision Diagram)-based approach to analyse the execution process; 2) we introduce a new path weight analysis algorithm (PWA) for searching the path space and automating test data generation; and 3) we build a prototype tool that automatically finds software vulnerabilities. Results of our experiments show that execution-based whitebox fuzzing is powerful for identifying a variety of security vulnerabilities in real applications. Compared to related work in the research area, it explored deeper program paths on average and achieved higher structural coverage.

Key words: dynamic test, software vulnerability analysis, test generation, data compression

CLC number: