
Research On Fuzz Testing Technology Based On Environment

Posted on: 2012-08-09
Degree: Master
Type: Thesis
Country: China
Candidate: M C Zhang
Full Text: PDF
GTID: 2178330338992022
Subject: Computer system architecture
Abstract/Summary:
Fuzz testing is an automatic or semi-automatic method for discovering software vulnerabilities. Its advantages include good usability, a high degree of automation, a low false-positive rate and no dependence on source code, and it has been proven to be an effective method for detecting vulnerabilities.

We first verify the effectiveness of current fuzz testing technology in detecting vulnerabilities. With the help of SecurityFocus, we classify all published vulnerabilities of FTP servers and verify how effective traditional fuzz testing techniques are at reproducing most of them. The experimental results confirm the effectiveness of traditional fuzz testing techniques, but they also expose blind spots in the traditional approach, such as a large workload and poor pertinence. This paper mainly focuses on the following:

1) Fuzz testing based on the vulnerability database. Test cases constructed in this way are more targeted, because they are derived directly from the vulnerability database, which reflects the mistakes programmers have made before. We also extend the test suites built from the original vulnerability database so that they can discover unknown vulnerabilities of the same kinds, which broadens test case coverage while preserving randomness. This technique does not require much work on input specifications; because it needs few assumptions, it can improve the pertinence of the test cases and still ensure their randomness.

2) Fuzz testing based on environment. Test cases produced by vulnerability-database-based fuzz testing are satisfactory in neither reusability nor extensibility, and they cannot reveal the essence of a vulnerability. In chapter 4 we propose fuzz testing based on environment. By extracting the environment during program development and during operation, and considering the program's dependence on each environment, we construct a set of fuzz test cases that carries environment characteristics. Test cases constructed this way retain their vulnerability mining ability while offering higher reusability and extensibility.

We ran experiments on several FTP and SFTP servers running on the Windows platform and found nine new security vulnerabilities in six servers. The experimental results prove the effectiveness of this method.
Keywords/Search Tags: vulnerability discovery, fuzz testing, vulnerability database, environment, ftp, sftp