
Research On Dynamic Generation Of Fuzzing Test Cases Based On Symbolic Execution

Posted on: 2010-05-05
Degree: Master
Type: Thesis
Country: China
Candidate: J M Chen
Full Text: PDF
GTID: 2178330332478527
Subject: Computer software and theory

Abstract/Summary:
Software security vulnerabilities are a core concern of network information security, and fuzzing is an important technique for detecting them, so improving the code coverage of fuzzing is of real significance. This thesis combines symbolic execution with fuzzing to improve the code coverage of the test.

The general procedure of fuzzing and the main approaches used to generate test data are first summarized, the basic theory and applications of symbolic execution are then analyzed, and a fuzzing approach based on symbolic execution is presented. After comparing the existing analysis methods for executables, a dynamic approach based on dynamic binary instrumentation is adopted to analyze the target applications. A multi-tagging dynamic taint analysis method is proposed to decide which instructions depend on the input; it is also used to select target condition branches and to simplify program slices. A reducible program slicing algorithm, used to simplify path constraints, extracts the key instructions that influence a target condition branch, and unrelated path constraints are then pruned further through the key inputs. Path constraint solving based on STP is designed and implemented to construct new test inputs. A generation-based path exploring algorithm is studied and implemented to direct the generation of path constraints, and new test data are selected according to a path selecting policy that maximizes the code coverage of the test.

A prototype system that generates test data dynamically through symbolic-execution-based fuzzing is designed and implemented, and its testing is presented. According to the results, fuzzing based on symbolic execution has a remarkable advantage in improving code coverage, and the prototype system is of great value in detecting software security vulnerabilities.
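The pipeline the abstract describes (taint tags marking input-dependent branches, selection of a target branch, pruning of unrelated path constraints through the key inputs, negating and solving the target constraint, and a coverage-directed path selection policy) is illustrated by the following added example. It is not the thesis's prototype and uses none of its code: it runs a constructed Python target instead of an instrumented binary, records branches from Python `if` statements instead of dynamic binary instrumentation, and replaces STP with a brute-force search over the key bytes only, which is where the pruning pays off. The names `Sym`, `ev`, `solve`, `explore` and `toy_target` are this example's own.

```python
import sys
from itertools import product

# Path constraints recorded by the current run: (branch_id, expr, taken, taint)
TRACE = []


class Sym:
    """A concrete value paired with a symbolic expression over input bytes and
    the set of input-byte indices (taint tags) it depends on."""

    def __init__(self, val, expr, taint):
        self.val, self.expr, self.taint = val, expr, frozenset(taint)

    @staticmethod
    def lift(x):
        return x if isinstance(x, Sym) else Sym(x, ("const", x), ())

    def _bin(self, op, other, fn):
        other = Sym.lift(other)
        # Multi-tag propagation: the result carries the union of both operands' tags.
        return Sym(fn(self.val, other.val), (op, self.expr, other.expr), self.taint | other.taint)

    def __add__(self, o): return self._bin("add", o, lambda a, b: a + b)
    def __xor__(self, o): return self._bin("xor", o, lambda a, b: a ^ b)
    def __eq__(self, o): return self._bin("eq", o, lambda a, b: a == b)
    def __lt__(self, o): return self._bin("lt", o, lambda a, b: a < b)
    __hash__ = None

    def __bool__(self):
        # Using a comparison in `if` is a conditional branch. Only input-dependent
        # (tainted) branches are target branches; untainted ones cannot be steered.
        if self.taint:
            branch_id = sys._getframe(1).f_lineno  # stands in for an instruction address
            TRACE.append((branch_id, self.expr, bool(self.val), self.taint))
        return bool(self.val)


def ev(expr, inp):
    """Evaluate a symbolic expression under a concrete input (list of ints)."""
    op = expr[0]
    if op == "const":
        return expr[1]
    if op == "in":
        return inp[expr[1]]
    a, b = ev(expr[1], inp), ev(expr[2], inp)
    return {"add": a + b, "xor": a ^ b, "eq": a == b, "lt": a < b}[op]


def solve(constraints, keys, base):
    """Brute-force stand-in for STP: enumerate only the key input bytes, keep the rest."""
    keys = sorted(keys)
    for vals in product(range(256), repeat=len(keys)):
        cand = list(base)
        for k, v in zip(keys, vals):
            cand[k] = v
        if all(ev(e, cand) == want for e, want in constraints):
            return cand
    return None


def run(program, inp):
    TRACE.clear()
    result = program([Sym(b, ("in", i), {i}) for i, b in enumerate(inp)])
    return result, list(TRACE)


def explore(program, seed, max_runs=64):
    """Generation-based path exploration: flip one target branch per new input,
    spending solver time only on branch outcomes no executed input has covered."""
    worklist, results, covered, targeted = [list(seed)], {}, set(), set()
    while worklist and len(results) < max_runs:
        inp = worklist.pop(0)
        if tuple(inp) in results:
            continue
        result, trace = run(program, inp)
        results[tuple(inp)] = result
        covered.update((bid, taken) for bid, _, taken, _ in trace)
        for i, (bid, expr, taken, taint) in enumerate(trace):
            goal = (bid, not taken)
            if goal in covered or goal in targeted:
                continue  # path selection policy: uncovered edges first
            # Key inputs: the target's tags, closed over prefix constraints sharing tags.
            keys, changed = set(taint), True
            while changed:
                changed = False
                for _, _, _, t in trace[:i]:
                    if t & keys and not t <= keys:
                        keys |= t
                        changed = True
            # Prune prefix constraints unrelated to the key inputs; negate the target.
            cons = [(e, tk) for _, e, tk, t in trace[:i] if t & keys]
            cons.append((expr, not taken))
            new = solve(cons, keys, inp)
            if new is not None:
                targeted.add(goal)
                worklist.append(new)
    return results, covered


def toy_target(b):
    """Constructed target: four input bytes gate three nested, input-dependent branches."""
    if b[0] == 0x42:
        if b[1] + b[2] == 0x100:
            if (b[3] ^ 0x55) == 0x2A:
                return "deep-block"
            return "mid-block"
        return "magic-only"
    return "shallow"


if __name__ == "__main__":
    results, covered = explore(toy_target, [0, 0, 0, 0])
    for inp, res in results.items():
        print([hex(x) for x in inp], "->", res)
    print("branch edges covered:", len(covered))
```

Starting from an all-zero seed, four runs cover all six branch edges of `toy_target`. Without the key-input pruning, flipping the innermost branch would carry the two outer constraints along and the brute-force solver would have to enumerate four bytes; with it, each flip enumerates only the bytes the target branch actually depends on (256 candidates for the first and third branch, 65536 for the second).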
Keywords/Search Tags: Fuzzing Test, Symbolic Execution, Dynamic Binary Instrumentation, Dynamic Taint Analysis, Program Slice, Path Exploring