Abstract (translated from the Chinese original)
Fuzzing plays a major role in discovering software security vulnerabilities and improving software security. This paper discusses the low efficiency of fuzzing mutation strategies and the unreasonable design of seed scoring strategies, and proposes a clustering-based mutation optimization strategy and an energy allocation strategy based on new coverage information. The first improvement extracts effective combined mutation positions from the non-deterministic mutations that produce new coverage, then uses a clustering algorithm to further determine the positions of effective mutations, and performs fine-grained deterministic mutation at those positions during the mutation stage. The second improvement targets the seed scoring strategy: the new coverage information produced by a seed and the branch transfer information obtained from static analysis serve as the key indicators for seed scoring. We compare the improved fuzzing tool, AgileFuzz, with the existing improved fuzzers AFL 2.52b, AFLFast and EcoFuzz in repeated experiments on open source programs such as binutils and libxml2. The results show that AgileFuzz discovers more program branch coverage in the same amount of time and, during testing, found 5 previously unknown vulnerabilities in open source software including fontforge and harfbuzz.
English abstract as published:
Fuzzing plays a huge role in discovering software security vulnerabilities and improving software security. This study discusses the low efficiency of the mutation strategy for fuzzing and the unreasonableness of the seed scoring strategy and proposes a mutation optimization strategy based on clustering and an energy allocation strategy based on new coverage information. The former improvement strategy extracts the positions of effective combined mutations by generating new coverage of non-deterministic mutations, uses clustering algorithms to further determine the positions of effective mutations, and implements fine-grained deterministic mutations at positions of effective mutations in the mutation stage. The latter improvement strategy in this study is for the seed scoring strategy. The new coverage information generated by the seed and the branch transfer information from the static analysis are used as important indicators of seed scoring. We compare the improved fuzzing tool AgileFuzz with existing ones such as AFL 2.52b, AFLFast, and EcoFuzz and conduct multiple experiments on open source programs such as binutils and libxml2. The experimental results show that AgileFuzz finds more program branch coverage in the same amount of time. Meanwhile, five unknown vulnerabilities in fontforge, harfbuzz, and other open source software are discovered during the testing.
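The abstract describes the two strategies only at a high level. The following is an added toy walk-through, written for this page and not the authors' AgileFuzz code: a constructed 32-byte header parser acts as the coverage oracle, random multi-byte mutations that produce new coverage are greedily minimized to the byte positions that actually matter, those positions are merged into contiguous windows with a simple one-dimensional gap clustering, and exhaustive byte-level deterministic mutation is then spent only inside the windows. A small `score_seed` function shows one way to combine the new-coverage count with static branch-transfer information (here a constructed out-degree table). Every function, branch name, threshold and value is a hypothetical choice made for the illustration; the paper's actual clustering algorithm and scoring formula are not stated on this page.

```python
"""Toy walk-through of two fuzzing ideas: (1) find byte positions whose
mutation yields new coverage, cluster them, and spend deterministic mutations
only there; (2) score a seed by the new coverage it produced plus static
branch-transfer (out-degree) information.  Constructed example, not the
AgileFuzz implementation; the target, names and values are hypothetical."""
import random
from typing import Dict, List, Set, Tuple

# Constructed "static analysis" result: number of outgoing edges per branch block.
STATIC_OUT_DEGREE: Dict[str, int] = {
    "magic_bad": 0, "magic_ok": 3, "ver_1": 1, "ver_2": 2, "ver_other": 0,
    "flag_plain": 1, "flag_compress": 2, "len_small": 0, "len_big": 1, "opt_magic": 1,
}

def run_target(data: bytes) -> Set[str]:
    """Constructed coverage oracle: a tiny header parser; bytes 7..31 are ignored."""
    if len(data) < 8 or data[:2] != b"FZ":
        return {"magic_bad"}
    cov = {"magic_ok", {1: "ver_1", 2: "ver_2"}.get(data[2], "ver_other")}
    cov.add("flag_compress" if data[3] & 0x80 else "flag_plain")
    cov.add("len_big" if int.from_bytes(data[4:6], "little") > 1000 else "len_small")
    if data[6] == 0x2A:
        cov.add("opt_magic")
    return cov

def minimize_positions(seed: bytes, mutant: bytearray, positions: List[int],
                       wanted: Set[str]) -> List[int]:
    """Greedily revert mutated bytes; a position is effective if reverting it
    loses any branch in `wanted` (the new coverage just observed)."""
    keep: List[int] = []
    for p in sorted(positions):
        saved = mutant[p]
        mutant[p] = seed[p]
        if not wanted <= run_target(bytes(mutant)):
            mutant[p] = saved   # reverting lost coverage: this position is effective
            keep.append(p)
    return keep

def nondeterministic_stage(seed: bytes, iterations: int, rng: random.Random
                           ) -> Tuple[Dict[int, int], Set[str]]:
    """Random 1-3 byte mutations; returns effective-position hit counts and coverage."""
    global_cov = set(run_target(seed))
    hits: Dict[int, int] = {}
    for _ in range(iterations):
        positions = rng.sample(range(len(seed)), rng.choice([1, 2, 3]))
        mutant = bytearray(seed)
        for p in positions:
            mutant[p] = rng.randrange(256)
        new = run_target(bytes(mutant)) - global_cov
        if not new:
            continue
        global_cov |= new
        for p in minimize_positions(seed, mutant, positions, new):
            hits[p] = hits.get(p, 0) + 1
    return hits, global_cov

def cluster_positions(positions: List[int], max_gap: int = 2) -> List[Tuple[int, int]]:
    """One-dimensional gap clustering: effective positions at most `max_gap`
    apart are merged into one contiguous mutation window (lo, hi)."""
    intervals: List[Tuple[int, int]] = []
    for p in sorted(set(positions)):
        if intervals and p - intervals[-1][1] <= max_gap:
            intervals[-1] = (intervals[-1][0], p)
        else:
            intervals.append((p, p))
    return intervals

def deterministic_stage(seed: bytes, intervals: List[Tuple[int, int]],
                        known: Set[str]) -> Tuple[Set[str], int]:
    """Enumerate every byte value at every position inside the clustered
    windows only; returns (new branches found, number of executions)."""
    found: Set[str] = set()
    runs = 0
    for lo, hi in intervals:
        for p in range(lo, hi + 1):
            for v in range(256):
                mutant = bytearray(seed)
                mutant[p] = v
                found |= run_target(bytes(mutant)) - known
                runs += 1
    return found, runs

def score_seed(new_cov: Set[str], out_degree: Dict[str, int]) -> int:
    """Seed energy: new branches reached plus the static out-degree of those
    branches, so a seed that opens code with many onward transfers earns more."""
    return len(new_cov) + sum(out_degree.get(b, 0) for b in new_cov)

SEED = b"FZ\x01\x00\x10\x00\x05\x03" + bytes(24)   # constructed 32-byte seed input

def demo(iterations: int = 2000, rng_seed: int = 7):
    """Run both stages from SEED; returns (hits, windows, new branches, runs, total coverage)."""
    hits, cov = nondeterministic_stage(SEED, iterations, random.Random(rng_seed))
    intervals = cluster_positions(list(hits))
    found, runs = deterministic_stage(SEED, intervals, cov)
    return hits, intervals, found, runs, cov | found

if __name__ == "__main__":
    hits, intervals, found, runs, total = demo()
    print("effective positions:", dict(sorted(hits.items())))
    print("clustered windows:", intervals, "->", runs, "deterministic executions")
    print("new branches from deterministic stage:", sorted(found))
    print("seed score for those branches:", score_seed(found, STATIC_OUT_DEGREE))
```

The payoff is visible in the run count: full deterministic enumeration over the 32-byte input would cost 32 × 256 executions, while the windowed stage only touches the handful of header bytes the random stage proved effective, yet it still reaches values such as `ver_2` that random byte choices rarely hit. Real targets need a coverage-instrumented binary and a far larger deterministic operator set (bit flips, arithmetic, dictionary tokens), but the position-selection logic is the same.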
Authors
程亮 (CHENG Liang), 王化磊 (WANG Hua-Lei), 张阳 (ZHANG Yang), 孙晓山 (SUN Xiao-Shan)
University of Chinese Academy of Sciences, Beijing 100049, China; Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
Source
Computer Systems & Applications (《计算机系统应用》), 2022, No. 9, pp. 192-200 (9 pages)
Funding
National Natural Science Foundation of China (62072448).
Keywords
fuzzing; vulnerability discovery; clustering algorithm; static analysis