
Research On Key Techniques Of Concolic-Based Fuzz Testing To Binary Software

Posted on: 2018-03-20
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Li
Full Text: PDF
GTID: 2348330518995401
Subject: Computer technology
Abstract/Summary:
As society develops, people pay ever more attention to software quality, and fuzz testing has become an important technique for software quality assurance. With the growing scale of software, however, traditional fuzz testing can no longer verify the whole program state space. To address this, researchers try to mine the internal structure of the program in order to construct effective fuzz test cases. A variety of techniques have been proposed toward this goal; because it needs no source code, has a low false-positive rate and generates concrete test cases, concolic-based fuzz testing of binary software has been widely studied and applied. Concolic-based binary fuzz testing mainly uses dynamic taint analysis and related techniques to uncover the internal structure of the program, and then uses symbolic execution to generate test cases with high coverage. Current concolic-based binary fuzz testing has a shortcoming, however: researchers concentrate on the coverage of the test cases but neglect their vulnerability-triggering ability, that is, they do not model the corresponding defect trigger. So even when a path is covered, the probability of building a test case that triggers the vulnerability is relatively low. To solve this problem, this paper proposes a vulnerability modeling method based on taint analysis and symbolic execution, which generates test cases by TSM.
Building on the existing framework of concolic-based binary fuzz testing tools, the method extends taint analysis so that defect trigger patterns can be constructed. After a defect pattern is matched, the taint analysis results are used to derive the defect-triggering constraints from which test cases are built, and finally symbolic execution produces the defect-triggering test cases. Experiments show that the TSM method proposed in this paper effectively improves the vulnerability-triggering ability of concolic-based binary software fuzz testing.
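The abstract contrasts coverage-driven test generation (solve the path constraints, get any input that reaches the sink) with defect-trigger modeling (add a constraint derived from taint facts at the sink so the generated input also violates the sink's safety condition). The following Python model, an added example that is not the thesis's TSM tool nor code from any real concolic engine, illustrates the difference on a constructed toy target: the program under test, the `Trace` structure, the "copy length tainted and exceeds fixed destination size" defect pattern, the brute-force `solve()` standing in for an SMT solver, and the 64-byte header limit and 16-byte buffer are all assumptions of this example.

```python
"""Toy model of defect-trigger-aware concolic test generation (constructed example).

The program under test is modelled in Python: it reads a one-byte `length`
field (the only symbolic/tainted input), applies a header sanity check, and
copies `length` bytes into a fixed 16-byte buffer. A path-constraint-only step
reaches the copy; a defect-model step additionally demands that the tainted
length exceed the destination size. The sizes and the `solve()` brute-force
solver are stand-ins, not taken from the thesis.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

BUF_SIZE = 16        # assumed fixed destination buffer of the target
HEADER_LIMIT = 64    # assumed sanity check the target applies to `length`

# A constraint is (human-readable description, predicate over the `length` byte).
Constraint = Tuple[str, Callable[[int], bool]]


@dataclass
class Trace:
    """Facts one instrumented run records: path constraints, taint at sinks, outcome."""
    path: List[Constraint] = field(default_factory=list)
    # (sink name, whether the copy length is tainted, destination size)
    sinks: List[Tuple[str, bool, int]] = field(default_factory=list)
    defect: bool = False


def run_target(length: int, trace: Trace) -> str:
    """Instrumented model of the target; `length` is the tainted input field."""
    if length > HEADER_LIMIT:                       # branch 1: header limit
        trace.path.append(("length > 64", lambda n: n > HEADER_LIMIT))
        return "rejected"
    trace.path.append(("length <= 64", lambda n: n <= HEADER_LIMIT))
    if length == 0:                                 # branch 2: empty payload
        trace.path.append(("length == 0", lambda n: n == 0))
        return "empty"
    trace.path.append(("length != 0", lambda n: n != 0))
    # Sink: copy of `length` bytes into a fixed buffer. Taint analysis records
    # that the copy length derives from input and what the destination size is.
    trace.sinks.append(("copy", True, BUF_SIZE))
    buf = bytearray(BUF_SIZE)
    if length > len(buf):
        trace.defect = True                         # the write the real target would do out of bounds
        return "overflow"
    buf[:length] = b"A" * length
    return "copied"


def solve(constraints: List[Constraint]) -> Optional[int]:
    """Smallest byte value satisfying every constraint (brute force stands in for SMT)."""
    for n in range(256):
        if all(pred(n) for _, pred in constraints):
            return n
    return None


def negate_last(path: List[Constraint]) -> List[Constraint]:
    """Classic coverage step: keep the prefix, flip the last branch decision."""
    *prefix, (desc, pred) = path
    return prefix + [(f"not({desc})", lambda n, p=pred: not p(n))]


def defect_constraints(trace: Trace) -> List[Constraint]:
    """Defect-trigger modelling: a tainted copy length reaching a fixed-size
    destination yields the constraint that makes the copy overrun it."""
    out: List[Constraint] = []
    for name, tainted, dest in trace.sinks:
        if name == "copy" and tainted:
            out.append((f"length > {dest}", lambda n, d=dest: n > d))
    return out


def coverage_step(seed: int) -> Optional[int]:
    """Generate an input for a new path: path constraints with the last branch negated."""
    trace = Trace()
    run_target(seed, trace)
    return solve(negate_last(trace.path))


def defect_step(seed: int) -> Optional[int]:
    """Generate an input for the seed's own path that also triggers the modelled defect.
    Returns None when no tainted sink was reached on that path."""
    trace = Trace()
    run_target(seed, trace)
    extra = defect_constraints(trace)
    if not extra:
        return None
    return solve(trace.path + extra)


def check(length: int) -> Tuple[str, bool]:
    """Run one concrete input and report (outcome, defect triggered?)."""
    trace = Trace()
    return run_target(length, trace), trace.defect


if __name__ == "__main__":
    reached = coverage_step(0)          # seed 0 takes the "empty" path; flip it
    print("coverage-only input:", reached, check(reached))      # reaches copy, no defect
    trig = defect_step(reached)         # same path plus the defect-trigger constraint
    print("defect-model input:", trig, check(trig))             # overflow triggered
```

Starting from the seed `0`, the coverage step alone yields `1`, which reaches the copy sink and marks the path covered without triggering anything; feeding that input through the defect-model step adds `length > 16` to the same path constraints and yields `17`, which triggers the overflow. That is the gap the abstract describes: a covered path is not the same as a triggered defect unless the sink's trigger condition is part of the constraint set.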
Keywords/Search Tags: Vulnerability-exploit, Taint Analysis, Symbolic Execution, Test case generation, Vulnerability modeling