Abstract
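As network information security vulnerabilities receive increasing attention, and to address the problems of test code coverage and vulnerability discovery efficiency in vulnerability research, a fuzzing test system based on concolic (hybrid symbolic) execution was designed and implemented. The system uses five modules: dynamic instruction tracing, concolic execution, constraint solving, test case generation, and dynamic testing. Each stage of the system is optimized to improve efficiency, and experiments verify that the system's code coverage is also considerably higher than that of traditional fuzzing tools, leading to the conclusion that the system is suitable for testing large application software.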
The worsening network information security situation has drawn more and more attention to security vulnerabilities. In order to improve test code coverage and vulnerability mining efficiency, a fuzzing test system based on concolic symbolic execution is designed and implemented. The system is mainly composed of five modules: dynamic trace, symbolic execution, constraint solving, test case generation and dynamic testing. In order to improve testing efficiency, all aspects of the system are optimized as far as possible. Experimental verification shows that the code coverage of this system is greatly improved over traditional fuzzing testing tools. It is proved that the system can effectively find the exceptions that exist in the sample program, and can also be used for testing large application software.
Source
《计算机测量与控制》
Peking University Core Journal
2014, Issue 12, pp. 4111-4114, 4117 (5 pages in total)
Computer Measurement & Control
Funding
Scientific Research Fund Project of the Yunnan Provincial Department of Education (2013C155)