
Research On Directional Fuzzing Technology For Multi-threaded Concurrency Vulnerabilities

Posted on: 2022-11-01
Degree: Master
Type: Thesis
Country: China
Candidate: Z B Tan
GTID: 2518306755995889
Subject: Computer technology
Abstract/Summary:
With the development of computer science, concurrent programs have become widespread as a way to make full use of multicore hardware. Concurrency vulnerabilities are increasing accordingly and have become one of the threats to cyberspace security. Unlike traditional vulnerabilities, which can be triggered by the sequential execution of a single thread, concurrency vulnerabilities must be triggered by a specific interleaving of multiple threads. Fuzzing is outstanding in the field of vulnerability discovery and has found many vulnerabilities; however, existing fuzzers pay little attention to the interleaved execution of threads, so it is difficult to use them to discover concurrency vulnerabilities. Using fuzzing to discover concurrency vulnerabilities is therefore of vital importance. This paper focuses on concurrency vulnerability discovery and directed fuzzing. Specifically, the main research contributions and innovations of this paper are as follows.

(1) Thread priority instrumentation. This paper uses static analysis to mark the locations of multi-threaded shared memory and the locations of sensitive operations on that shared memory. These locations serve as the target locations for directed fuzzing. Code coverage instrumentation and thread execution priority scheduling instrumentation are inserted at these locations so that thread execution priority can be adjusted during fuzzing.

(2) Seed mutation energy scheduling based on simulated annealing. The seed mutation energy schedule is based on simulated annealing: at a local optimum there is a certain probability of accepting a solution worse than the current one, so the search can escape the local optimum and the fuzzer is quickly directed to the locations that contain sensitive operations on shared memory. This technique finds multi-threaded concurrency vulnerabilities more efficiently.

(3) Thread priority scheduling. When directed fuzzing reaches a target location that contains sensitive operations on shared memory, adjusting thread execution priority lets the fuzzer fully explore different thread execution orders, which improves its ability to discover concurrency vulnerabilities.

Finally, we propose a prototype system for fuzzing concurrency vulnerabilities. The prototype combines static analysis with directed fuzzing. The static analysis marks the locations of multi-threaded shared memory and of sensitive operations on that shared memory; the directed fuzzing uses the marked locations as its targets and applies thread priority scheduling to fully explore thread interleavings after reaching them. In the evaluation, the prototype system proves effective at discovering concurrency vulnerabilities.
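The simulated-annealing energy schedule described in contribution (2), as an added illustration that is not code from the thesis or its prototype. It assumes each seed already carries a normalised distance from the blocks it executes to the static-analysis targets (the thesis does not state its distance formula), and the corpus below is constructed.

```python
import math
import random
from dataclasses import dataclass

@dataclass
class Seed:
    name: str
    # Normalised distance in [0, 1] from the blocks this seed executes to the
    # target locations (shared-memory sensitive operations); assumed precomputed.
    distance: float

def temperature(t: int, t_max: int, t_min: float = 0.05) -> float:
    """Exponential cooling: 1.0 at the first round, t_min at round t_max."""
    return t_min ** (t / t_max)

def energy(seed: Seed, temp: float) -> float:
    """Mutation energy in [0, 1]: near-uniform while hot, favouring seeds
    close to the targets as the schedule cools."""
    return (1.0 - seed.distance) * (1.0 - temp) + 0.5 * temp

def accept(current: Seed, candidate: Seed, temp: float, rng: random.Random) -> bool:
    """Metropolis criterion: a closer seed is always taken; a farther one is
    accepted with probability exp(-delta / temp), which is how the search
    escapes a local optimum while the temperature is still high."""
    delta = candidate.distance - current.distance
    if delta <= 0:
        return True
    return rng.random() < math.exp(-delta / temp)

def schedule(seeds: list, rounds: int, rng_seed: int = 0) -> list:
    """Anneal over a seed corpus; returns (seed name, energy) per round."""
    rng = random.Random(rng_seed)
    current = seeds[0]
    history = []
    for t in range(rounds):
        temp = temperature(t, rounds)
        candidate = rng.choice(seeds)
        if accept(current, candidate, temp, rng):
            current = candidate
        history.append((current.name, round(energy(current, temp), 3)))
    return history

if __name__ == "__main__":
    # Constructed corpus: the distances are made up for illustration.
    corpus = [Seed("s0", 0.9), Seed("s1", 0.6), Seed("s2", 0.3), Seed("s3", 0.0)]
    for name, e in schedule(corpus, rounds=8):
        print(name, e)
```

Early rounds (high temperature) accept farther seeds often, so the fuzzer keeps exploring; later rounds concentrate energy on seeds whose executions are nearest the shared-memory targets.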
Keywords/Search Tags:Vulnerability Discovery, Concurrency Vulnerabilities, Fuzzing Testing, Thread Interleaving