| Session initiation protocol has basic functions such as user registration,calling process control, proxy mechanism and redirection mechanism. However,the SIP protocol is designed without taking enough consideration on security.The security issue of SIP protocol is becoming a key factor in the development of the next generation network.The security of the SIP protocol depends on the robustness of the SIP protocol stack. In order to ensure robustness of the SIP protocol stack and solve the security issues of SIP protocol, it is necessary to discover the implementation vulnerability of the SIP protocol stack. In the related industry, most of the vulnerability discovery methods are fuzzing test. Fuzzing test can discover some vulnerabilities of the SIP protocol stack. However, most of the traditional fuzzing test methods are random-based. The volume of test data is large and the testing efficiency is low. In order to improve the efficiency and accuracy of vulnerability exploitation, the author adopts the method of symbolic execution to generate testing data during the execution of the program.The method proposed by the author utilizes hazard functions to locate the vulnerability triggering point, mixes traversal in depth and width to determine the path of the execution and uses the symbol execution method to determine the condition of the vulnerability triggering. According to the condition, the proposed system produces malformed SIP signaling targeting the SIP protocol stack and confirms the vulnerability with a testing module. The generated testing set of abnormal SIP singling is not only more targeted,but also is able to improve the efficiency and accuracy of vulnerability discovery. |
PDF Full Text Request