A Method of Combining Symbolic Execution to Improve the Efficiency of Software Fuzz Testing

A technique combining fuzz testing with symbolic execution, applied to software testing and debugging, error detection and correction, instrumentation and similar fields. It addresses the high complexity, blind test-case generation, low code coverage and poor support for binary programs without source code that affect existing fuzzing approaches, improving overall performance and defect-mining effectiveness.

Active Publication Date: 2021-10-15
NAT UNIV OF DEFENSE TECH

AI Technical Summary

Problems solved by technology

White-box testing offers strong coverage, but it requires a great deal of manual analysis and is very complex; when the source code of the software under test runs to hundreds of thousands of lines or more, it becomes hard to operate in practice.
[0006] 2. Black-box testing: test cases are written directly, without knowledge of the internal details of the software under test. It is easy to operate, needs no source code and is highly usable, but most test cases come from testers' subjective guesses, so coverage is poor.
Gray-box testing is usable, but it is highly complex, especially in binary auditing work, which consumes a great deal of time.
[0008] All three fuzzing approaches have their own defects: none is well suited to binary programs without source code, and the generated test cases suffer from blindness and low code coverage.




Embodiment Construction

[0048] The present invention will be further described below in conjunction with the accompanying drawings and specific preferred embodiments, but the protection scope of the present invention is not limited thereby.

[0049] As shown in figure 1, the method of this embodiment, which combines symbolic execution to improve software fuzz testing efficiency, comprises the following steps:

[0050] S1. Preprocessing: preprocess the target program (disassembly, stub insertion, etc.) to obtain information about it, including its assembly code and control flow graph (CFG);

[0051] S2. Fuzz testing: feed the target program to the fuzzer to generate test cases and detect whether the program behaves abnormally; if an abnormality occurs, record the corresponding test case, i.e. the test case that triggers it;

[0052] S3. Scheduling based on path coverage: construct scheduling parameters for scheduling based on pa...



Abstract

The invention discloses a method for improving the efficiency of software fuzz testing by combining it with symbolic execution. The steps are: S1. Preprocess the target program to obtain information about it; S2. Feed the target program to a fuzzer to generate test cases and detect whether the program raises an exception; S3. Construct scheduling parameters based on path coverage, compute them during the fuzzing process, and judge the state of the fuzzer: in a low-speed state go to step S4, in a high-speed state return to step S2, and in a stalled state exit the test; S4. Identify the branches not traversed during fuzzing, construct the untraversed program paths, and use symbolic execution to generate effective test cases that stimulate the fuzzer back into a high-speed state; if none can be generated and the fuzzer is in a stalled state, exit the test. The invention has the advantages of a simple implementation principle, good vulnerability mining performance, high efficiency, a low false alarm rate, and flexible, reliable use.
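The S2-S4 loop described in the embodiment steps above and in this abstract, as an added Python example that is not the patent's own code: it drives a constructed toy target with a single-byte mutation fuzzer, uses "new branches found per round" as the assumed path-coverage scheduling parameter for the high-speed / low-speed / stalled decision, and stands in for symbolic execution by directly solving the byte-equality path constraint of one untraversed branch. The branch table, thresholds and all function names are assumptions made for the example.

```python
import random

# Constructed toy target (not the patent's): a branch is taken when the bytes at `off` equal `want`.
BRANCHES = {"b1": (0, b"A"), "b2": (1, b"Z"), "magic1": (2, b"FUZZ"), "magic2": (6, b"SYMB")}

def run_target(data):
    """Stand-in for the stub-instrumented run of step S1: the set of branches this input hits."""
    return {b for b, (off, want) in BRANCHES.items() if data[off:off + len(want)] == want}

def fuzz_round(seeds, total, rng, execs=200):
    """Step S2: single-byte random mutation of a seed; inputs that add coverage become seeds."""
    new = set()
    for _ in range(execs):
        buf = bytearray(rng.choice(seeds))
        buf[rng.randrange(len(buf))] = rng.randrange(256)
        if gained := run_target(bytes(buf)) - total - new:
            new |= gained
            seeds.append(bytes(buf))
    return new

def classify(history, stall_rounds=3):
    """Step S3 (assumed metric): >0 new branches is high-speed, `stall_rounds` empty rounds is stalled."""
    if history[-1] > 0:
        return "high"
    if len(history) >= stall_rounds and not any(history[-stall_rounds:]):
        return "stalled"
    return "low"

def symbolic_step(total, seed):
    """Step S4 stand-in: solve the path constraint of one untraversed branch (a byte equality here)."""
    for b, (off, want) in BRANCHES.items():
        if b not in total:
            case = bytearray(seed)
            case[off:off + len(want)] = want
            return bytes(case)
    return None

def hybrid_fuzz(seed=b"\x00" * 10, max_rounds=20, rng_seed=7):
    """S2-S4 loop; returns (covered branches, new branches per round, exit reason)."""
    rng, seeds, total, history = random.Random(rng_seed), [seed], set(), []
    for _ in range(max_rounds):
        total |= (new := fuzz_round(seeds, total, rng))
        history.append(len(new))
        state = classify(history)
        if state == "stalled":
            return total, history, "stalled"
        if state == "low":
            case = symbolic_step(total, seeds[-1])
            if case is None:
                return total, history, "exhausted"  # no untraversed branch remains
            seeds.append(case)  # the S4 test case feeds S2 on the next round
    return total, history, "budget"
```

On this toy target the four-byte "magic" branches are only ever reached through the S4 step, which is the situation the patent's scheduling is meant to detect.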

Description

Technical field

[0001] The invention relates to the technical field of vulnerability mining in executable binary programs without source code, and in particular to a method for improving the efficiency of software fuzz testing by combining it with symbolic execution.

Background technique

[0002] With growing attention to software security, vulnerability mining has gradually become a focus of research. Vulnerability mining refers to the search for unknown vulnerabilities, applying a range of techniques and tools to find as many potential vulnerabilities in software as possible. Traditional vulnerability mining techniques, including static and dynamic analysis, are not only time-consuming and labour-intensive but also struggle to scan every piece of software for vulnerabilities in all respects, so vulnerabilities are easily missed. Therefore, even rigorously tested software, aft...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F11/36
CPC: G06F11/3688, G06F11/3692
Inventors: 董威, 徐鲁杭, 尹良泽, 贾维熙, 陈振邦, 陈立前, 王戟
Owner: NAT UNIV OF DEFENSE TECH