
Research On Parallel Smart Gray Box Testing System

Posted on: 2015-12-22
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Yang
Full Text: PDF
GTID: 2298330467962326
Subject: Information security
Abstract/Summary:
Fuzz testing is an important method for vulnerability discovery, but it generates test cases without knowledge of the target program, which makes the coverage of the test cases very low. To solve this problem, researchers introduced smart gray box testing. Smart gray box testing uses dynamic taint analysis to obtain information about the target program and uses concolic execution to generate test cases from the acquired information. Test cases generated by smart gray box testing achieve higher coverage than those of traditional fuzz testing.

There are two problems with present smart gray box testing. First, since smart gray box testing needs to track the execution of the target program and generate new test cases, the process is time-consuming. Second, most researchers focus on the coverage of test cases, so the ability of the test cases to trigger vulnerabilities is low.

In this paper, we introduce a parallel smart gray box testing technique and a compound test case generation technique. The core of our gray box testing technique is a path selection algorithm for concolic execution that can be applied in a parallel environment. This algorithm generates a new execution path by negating the conditions of the previous one. It limits the range of the conditions and negates multiple conditions when it executes the negate operation. This algorithm enables many hosts to execute the same test simultaneously, reducing the time of the whole test. In compound test case generation, we add some data to the test case generated by concolic execution. The way of generating the added data is learned from fuzz testing. The final test case has two parts: one is used to increase coverage; the other is used to improve the ability to trigger vulnerabilities.

We designed and implemented a system based on the research in this paper. The system is called Diting. It is based on a C/S architecture, and the server and clients communicate over a TCP/IP network. In this system there is one server and many clients. The server is in charge of managing the whole test and storing the data. The client is responsible for executing test cases and generating new test cases. We conducted an experiment with Diting. Experiments show that Diting is efficient for vulnerability discovery.
Keywords/Search Tags: software security, vulnerability discovery, smart fuzzing, concolic execution, test case generation