
Research On Software Security Vulnerability Discovery Based On Fuzzing

Posted on: 2011-01-15
Degree: Master
Type: Thesis
Country: China
Candidate: Y Huang
GTID: 2178360308455592
Subject: Computer application technology

Abstract/Summary:
With the advent of the information age, computer software is used in every field, and the harm caused by software security vulnerabilities grows accordingly. Techniques for discovering software security vulnerabilities, which allow vulnerabilities to be found and eliminated before they are exploited, have therefore attracted increasing attention. Starting from the mechanisms by which vulnerabilities arise and the limitations of existing discovery techniques, this thesis proposes and implements a new vulnerability discovery technique, built on a study of existing approaches, with the aim of improving discovery efficiency.

The thesis first defines software security vulnerabilities and describes their causes, then summarizes their classification and the principles behind their formation. The main categories of vulnerability discovery technology and their technical characteristics are studied and analyzed.

Most vulnerabilities result from the combination of externally supplied input data with an unsafe function call inside the program. Based on this generation mechanism, the thesis proposes a new vulnerability discovery technique built on fuzzing. The method consists of four key technologies.

(1) Unsafe function locating. Based on analysis of the form and characteristics of the target program's disassembled code, static reverse analysis is used to accurately identify and locate unsafe function calls in the executable. This supplies the test objects for vulnerability discovery and, because it works on the executable rather than the source, can be applied to widely used commercial software for which no source code is available.

(2) Input-based dynamic tracking. Since vulnerabilities are mainly triggered by external input, the receipt and use of input data is tracked dynamically while the program runs. Testing is then aimed only at functions that both operate on input data and call unsafe functions, which significantly increases the efficiency of vulnerability discovery.

(3) Data generation based on vulnerability type and code coverage. The fuzz dataset is generated from the characteristics of common vulnerability classes and from the constant data referenced by compare instructions in the target program. This makes testing more targeted and improves both its efficiency and its code coverage.

(4) Fault injection based on snapshot recovery. Most test cases fail the program's own checks on input before reaching the code under test. To address this, the target function is tested directly inside the target process, with a snapshot of the process restored between test cases. Because injection takes place within the target process, the cost of program start-up and exit and the delay and disturbance of network transmission are avoided, the system resources and time consumed by testing are greatly reduced, and testing efficiency is significantly increased.

A prototype testing tool based on this method was designed and implemented and used in vulnerability discovery experiments on two programs. The experimental results show that the tool can find security vulnerabilities in software, demonstrating the feasibility and effectiveness of the technique.
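As an added illustration of techniques (1) and (3) above (an editor's example, not code from the thesis or its prototype tool), the following Python script locates calls to unsafe library functions in a constructed objdump-style listing, harvests the immediates referenced by its compare instructions, and builds a fuzz dataset from vulnerability-type templates whose sizes and values are taken from those constants. The listing, the set of functions treated as unsafe, and the payload templates are all assumptions.

```python
"""Added illustration of techniques (1) and (3) from the abstract:
locate unsafe library calls in a disassembly listing, harvest the
immediates used by compare instructions, and turn both into a fuzz
dataset aimed at the located call sites."""
import re
import struct

# Constructed objdump -d style listing of one function (not from any real binary).
DISASM = """\
0000000000401136 <parse_msg>:
  401136:  55                    push   %rbp
  40113a:  48 83 ec 40           sub    $0x40,%rsp
  40113e:  83 7d fc 10           cmpl   $0x10,-0x4(%rbp)
  401142:  7e 0c                 jle    401150 <parse_msg+0x1a>
  401144:  3d 4d 53 47 00        cmp    $0x47534d,%eax
  401149:  75 1c                 jne    401167 <parse_msg+0x31>
  40114b:  e8 e0 fe ff ff        call   401030 <strcpy@plt>
  401150:  e8 fb fe ff ff        call   401050 <sprintf@plt>
  401155:  e8 f6 fe ff ff        call   401040 <puts@plt>
  401167:  e8 c4 fe ff ff        call   401030 <memcpy@plt>
  40116c:  c9                    leave
  40116d:  c3                    ret
"""

# Assumed list of library functions treated as unsafe sinks; the thesis does
# not publish its own list, so this is an editor's choice.
UNSAFE_FUNCS = {"strcpy", "strcat", "sprintf", "vsprintf", "gets", "scanf", "memcpy"}

FUNC_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>:$")
CALL_RE = re.compile(r"^\s*([0-9a-f]+):.*\bcall\s+[0-9a-f]+ <([A-Za-z_]\w*)(?:@plt)?>")
CMP_RE = re.compile(r"\bcmp[bwlq]?\s+\$0x([0-9a-f]+)")


def locate_unsafe_calls(disasm, unsafe=UNSAFE_FUNCS):
    """Technique (1): walk the listing, remember the enclosing function and
    report every call to a name in `unsafe` with its call-site address."""
    found, current = [], None
    for line in disasm.splitlines():
        m = FUNC_RE.match(line)
        if m:
            current = m.group(2)
            continue
        m = CALL_RE.match(line)
        if m and m.group(2) in unsafe:
            found.append({"site": int(m.group(1), 16), "callee": m.group(2), "func": current})
    return found


def compare_constants(disasm):
    """Technique (3), input side: the immediates the program compares against."""
    return {int(v, 16) for v in CMP_RE.findall(disasm)}


def magic_bytes(const):
    """Little-endian rendering of a compare constant with trailing NULs
    stripped, i.e. the bytes a parser would read: 0x47534d -> b'MSG'."""
    return struct.pack("<I", const & 0xFFFFFFFF).rstrip(b"\x00")


def generate_fuzz_dataset(constants, max_len=4096):
    """Technique (3): payloads per vulnerability class, with sizes and values
    taken from the compare constants so cases get past the program's checks."""
    # printable compare constants are probably magic headers: use them as prefixes
    prefixes = [m for m in map(magic_bytes, constants) if m and all(32 <= b < 127 for b in m)]
    prefixes = prefixes or [b""]
    cases = set()
    for prefix in prefixes:
        # buffer overflow: lengths straddling every compare constant plus large blocks
        lengths = {0x100, 0x400, max_len}
        for c in constants:
            lengths.update(n for n in (c - 1, c, c + 1, 2 * c) if 0 < n <= max_len)
        cases.update(prefix + b"A" * n for n in lengths)
        # integer handling: neighbours and negation of each constant, plus sign edges
        values = {0, 0x7FFFFFFF, 0x80000000, 0xFFFFFFFF}
        for c in constants:
            values.update(v & 0xFFFFFFFF for v in (c - 1, c, c + 1, -c))
        cases.update(prefix + struct.pack("<I", v) for v in values)
        # format string: read and write directives
        cases.add(prefix + b"%x" * 8 + b"%n")
        cases.add(prefix + b"%s" * 8)
    return sorted(cases)


if __name__ == "__main__":
    for call in locate_unsafe_calls(DISASM):
        print(f"unsafe call to {call['callee']} at {call['site']:#x} in {call['func']}")
    consts = compare_constants(DISASM)
    print("compare constants:", [hex(c) for c in sorted(consts)])
    dataset = generate_fuzz_dataset(consts)
    print(f"{len(dataset)} test cases, first: {dataset[0][:32]!r}")
```

Running the script reports the three unsafe call sites in parse_msg (strcpy, sprintf, memcpy; puts is ignored) and produces a dataset in which every case begins with the bytes MSG derived from the compare immediate 0x47534d, so the cases pass the header check and actually reach the strcpy call instead of being rejected up front; lengths 15, 16, 17 and 32 bracket the other compare constant 0x10. A real tool would take the listing from objdump -d or a disassembler API and feed these cases to the snapshot-based injector of technique (4) rather than restarting the program per case.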
Keywords/Search Tags: security vulnerability, vulnerability discovery, fuzzing, fuzz testing, input tracking