| As one of the important national infrastructures,the performance of network devices in terms of security is getting more and more attentions from the public.The security of network protocols,as an important component supporting the operation of network devices,is especially critical.Fuzzy testing is one of the important techniques used by researchers to test software vulnerabilities and has been widely used in various fields.Existing fuzzy testing techniques for network protocols mainly focus on black-box fuzzy testing.Although its testing speed is fast,the randomness and blindness of test sample generation lead to less effective testing than gray-box fuzzy testing which utilizes execution-time information feedback.How to use gray-box fuzzy testing technology to test network protocol software more conveniently,effectively and universally is a problem worthy of further study.To address the problems mentioned above,this thesis proposes and implements a gray-box fuzzy testing system for network protocols through target analysis and scheme design.The main contributions are as follows:(1)Study the overall scheme of network protocol gray-box fuzzy testing system.By analyzing the difficulties of network protocol fuzzy testing and the advantages and disadvantages of the existing schemes,this thesis summarizes three major objectives for network protocol fuzzy testing,i.e.,simplify the process of model file construction,improve code coverage and enhance extensibility,and design an overall scheme of network protocol gray-box fuzzy testing system.(2)Study the key technologies of network protocol gray-box fuzzy testing system.For simplifying the process of model file construction,an automatic model file generation technology is studied,and a syntactically concise template input scheme is proposed,which can reduce the input scale of testers and quickly generate effective model files.For improving the code coverage,this thesis studies the state-oriented gray-box fuzzy testing technology,and designs a gray-box fuzzy testing engine and an intelligent state-oriented engine to ensure that the testing system can perform gray-box fuzzy testing for any reachable state of the network protocol,and at the same time support automatic and continuous testing of preset multiple target states.For enhancing the extensibility,the mode control technology is studied to support three modes of network protocols(server-side,client-side and routing protocol software)to ensure the scalability and versatility of the testing system.(3)Design network protocol gray-box fuzzy test system verification experiments.In order to verify the ability of automatic model file generation,the advantages of automatic model file generation are analyzed in three aspects(code input scale,syntax complexity and effectiveness of generated model files)based on the experiments of automatic model file generation for OSPF protocols.To verify the testing system's ability to improve code coverage,DNS server and RTSP server are tested and the test results are compared with AFLNET and Peach tools.To verify the testing system's mode control capability,the FTP client and TFTP client used in the Pica8 white-box switch,the RIP protocol implementation and the OSPF protocol implementation in the Quagga software were tested.The results show that the network protocol gray-box fuzzy testing system designed in this thesis can effectively simplify the model file construction process and improve the code coverage,while having strong extensibility and generality. |
PDF Full Text Request