
Research And Implementation Of Concolic Execution Assisted Fuzzing Technique

Posted on: 2019-02-07 | Degree: Master | Type: Thesis
Country: China | Candidate: X X Pei | Full Text: PDF
GTID: 2348330545958436 | Subject: Intelligent Science and Technology
Abstract/Summary:
With the rapid development of information technology, software has become very important in our everyday lives. At the same time, the security of software attracts a lot of attention in software research. As an effective and practical testing technique, fuzzing performs outstandingly at finding program errors and vulnerabilities, which has made it an eye-catching technique. In recent years, most research on fuzzing has focused on how to reduce its blindness and improve its accuracy. By contrast, another program analysis technique, concolic execution, can generate high-quality test cases by symbolizing inputs and then collecting and solving constraints. This technique can accurately cover program paths but usually costs much time. The complementary advantages of the two techniques are a research highlight, and work on combining them has produced some preliminary achievements. This thesis focuses on how to explore the space of combining concolic execution and fuzzing effectively. Specifically, it analyzes the reason behind a current problem in this direction (i.e., neglecting to solve some program paths) and proposes an improved program-path-recording method to solve this problem. The thesis also implements a binary analysis tool, named Digger, based on the proposed approach. Digger can handle 64-bit and 32-bit binaries on Linux. It supports target programs that read input from both stdin and other files, or that take extra arguments. The thesis tests Digger on both a manually crafted program and some real-world applications (e.g., coreutils, gif2png). Experimental results show that Digger can achieve higher code coverage and find more bugs than an outstanding tool in this area.
Keywords/Search Tags:fuzzing, concolic execution, coverage guided