Research On Fuzz Testing Method Based On Dynamic Symbolic Execution

Posted on: 2019-04-25
Degree: Master
Type: Thesis
Country: China
Candidate: Y X Chen
GTID: 2348330542989033
Subject: Computer Science and Technology
Abstract/Summary:
With the development of the Internet, software has infiltrated all aspects of people's lives. As software functions become increasingly diverse, the amount and complexity of code keep growing, and the ensuing security concerns have drawn widespread attention. Software security issues affect users' information security; once information is leaked, the consequences are irreparable. It is therefore necessary to improve software security. Vulnerability detection is an effective way to do so, which makes research on vulnerability detection technology highly significant. This thesis studies fuzz testing based on dynamic symbolic execution. The main content is as follows.

First, the background was researched. Through reading a large body of literature, related research methods for dynamic symbolic execution at home and abroad were studied and summarized, and the overall process of dynamic symbolic execution was abstracted. At the same time, the process and methods of fuzz testing were studied to lay the foundation for the subsequent research.

Second, a testing framework is proposed. Dynamic symbolic execution is applied to fuzz testing to generate test cases, and the framework of a fuzz testing method based on dynamic symbolic execution is studied. The framework contains an instrumentation module, a path constraint generation module and a solver module. Testing begins by injecting an initial test case into the framework, and the randomness of test case generation in fuzz testing is reduced to improve testing efficiency.

Third, the path traversal and the solver of the framework are optimized. The first optimization addresses the low coverage rate and the large number of test rounds of the path traversal strategy in dynamic symbolic execution by studying a path traversal strategy based on generation. This method adds a scoring function, sorts the scores and takes the path with the highest score as the next input. The second optimization addresses the inefficiency of the solver module in dynamic symbolic execution by studying a parallel solver method. This method adds an intermediate layer to the solver module that performs adaptation, after which the constraint solving is completed.

Finally, experiments on the solver and path constraint generation were carried out. The solver module and the path traversal strategy module were tested in terms of solver execution time and number of test rounds, respectively. By detecting vulnerabilities listed in CVE, this method is compared with other methods. The experimental results show that this method can reduce the false positive rate and false negative rate of test results to a certain extent, which demonstrates the feasibility of the method.
Keywords/Search Tags:Vulnerability detection, Dynamic Symbolic Execution, Fuzz testing, Path traverse