EWFT:Execution-based Whitebox Fuzzing for Executables

WANG Ying; GU Li-ze; YANG Yi-xian; DONG Yu-xin

doi:10.3969/j.issn.0372-2112.2014.10.023

您当前的位置：

首页 >

文章列表页 >

EWFT:Execution-based Whitebox Fuzzing for Executables

更新时间：2025-07-16

- EWFT:Execution-based Whitebox Fuzzing for Executables
- Acta Electronica Sinica Vol. 42, Issue 10, Pages: 2016-2023(2014)
- 作者机构：
  
  1. 北京邮电大学信息安全中心,北京,100876
  2. 哈尔滨工程大学,黑龙江,哈尔滨,150001
  3. 北京邮电大学信息安全中心,北京,100876
  4. 哈尔滨工程大学,黑龙江,哈尔滨,150001
- 作者简介：
- 基金信息：
  
  National Natural Science Foundation of China (No.61003285, No.61121061);Fundamental Research Funds for the Central Universities (No.2012RC0218, No.2012RC0219, No.2013RC0311)
- DOI：10.3969/j.issn.0372-2112.2014.10.023
  CLC： TP309.5
- Published：2014
- 稿件说明：
移动端阅览
WANG Ying, GU Li-ze, YANG Yi-xian, et al. EWFT:Execution-based Whitebox Fuzzing for Executables[J]. Acta Electronica Sinica, 2014, 42(10): 2016-2023.
DOI：

WANG Ying, GU Li-ze, YANG Yi-xian, et al. EWFT:Execution-based Whitebox Fuzzing for Executables[J]. Acta Electronica Sinica, 2014, 42(10): 2016-2023. DOI： 10.3969/j.issn.0372-2112.2014.10.023.

摘要

应用动态测试技术检测二进制程序的脆弱性是当前漏洞挖掘领域的研究热点.本文基于动态符号执行和污点分析等动态分析技术

提出了程序路径空间的符号模型的构建方法

设计了PWA(Path Weight Analysis)覆盖测试算法

实现了EWFT(Execution-based Whitebox Fuzzing Tool)原型工具.实验测试结果表明

EWFT提高了程序执行空间的测试覆盖率和路径测试深度

相比国际上同类测试工具

能够更加有效地检测出不同软件中存在的多种类型的程序漏洞.

Abstract

The dynamic testing for automaticlly identifing security vulnerabilities in binary executables has received increasingly interest in recent years.In this paper

we present a new automated whitebox fuzzing tool EWFT(Execution-based Whitebox Fuzzing Tool)

which implements dynamic symbolic execution and taint tracing techniques during program execution.Our contributions are:1)we propose a ROBDD(Reduced Ordered Binary Decision Diagram)-based approach to analyse execution process

2)we introduce a new path weight analysis algorithm(PWA)for searching path space and automating test data generation

and 3)we build a prototype tool that automatically finds software vulnerabilities.Results of our experiments show that execution-based whitebox fuzzing is powerful to identify variety of security vulnerabilities in real applications.Compared to the related work in the research area

it explored deeper program paths on the average

and achieved higher structural coverage.

关键词

Keywords

references

Views

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

No data

Related Author

No data

Related Institution

No data

⁰