Among the many vulnerability discovery techniques, fuzz testing scales well and is a highly effective way to find software vulnerabilities. Existing grey-box fuzzing still has shortcomings, such as information lost when code coverage is measured and insufficient attention to basic blocks that perform memory operations. To improve the vulnerability detection ability of grey-box fuzzers, this thesis addresses two problems: edge-coverage measurement does not adequately capture the reachability relationship between non-adjacent basic blocks, so effective seeds are not retained; and conventional fuzzers do not adequately consider the distribution of vulnerable code when generating test cases, so vulnerability detection is inefficient.

In response to these problems, the following research is carried out. First, to address the insufficient treatment of reachability between non-adjacent basic blocks in edge coverage, an ordered-sequence coverage metric is proposed, together with a hash algorithm for storing ordered-sequence information. An ordered sequence records more information than an edge, yet it does not run into the path explosion that recording full path information does, which would also require a further algorithm to filter paths. The ordered-sequence coverage metric retains more test cases that trigger new paths and raises the probability of discovering vulnerabilities.

Then, to address the fact that conventional fuzzers do not fully consider the distribution of vulnerable code when generating test cases, a seed selection strategy that prioritizes memory instructions and an energy allocation scheme that accounts for memory operations are proposed. During seed selection, in addition to selecting a seed subset that covers the same edges as the original seed set, a subset of seeds closely related to memory operations is selected, and the union of the two subsets is taken. During energy allocation, more energy is assigned to seeds closely related to memory operations. While the subset still covers the original edges, seeds related to memory operations receive higher priority, so the fuzzer pays more attention to code blocks involving memory operations and finds more security vulnerabilities.

Finally, a memory-prioritized, sequence-oriented fuzzing method for vulnerability discovery is proposed, and a corresponding memory-prioritized, sequence-oriented fuzzing system is designed.

To verify the effectiveness of the proposed improvements, the LAVA-M data set and a variety of application software are selected. First, code coverage before and after modifying the coverage metric is compared; the experimental results show that the improved scheme finds more paths, that is, triggers more basic blocks. Then, the number of triggered crashes before and after modifying the seed selection strategy and energy allocation scheme is compared; on the LAVA-M data set, the proposed scheme triggers more crashes than the original grey-box fuzzer. Finally, the number of vulnerabilities found by the proposed method is compared with that of the original method; on real programs, the proposed fuzzing method finds more vulnerabilities than the original grey-box fuzzer. These experimental results show that the proposed improvements increase code coverage and the execution probability of code blocks containing memory operations, and enhance the ability to discover vulnerabilities.
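The seed-retention difference between edge coverage and ordered-sequence coverage described above, as an added illustration that is not the thesis's code: the block IDs, the window length k and the polynomial hash used to map a window to a coverage-bitmap slot are assumptions standing in for the thesis's own scheme.

```python
# Added illustration, not code from the thesis: edge coverage versus
# ordered-sequence coverage over constructed basic-block traces. The block
# IDs, the window length k and the polynomial hash that maps a window to a
# coverage-bitmap index are assumptions standing in for the thesis's scheme.
from typing import Dict, List, Set

MAP_SIZE = 1 << 16  # assumed size of the coverage bitmap

def window_index(window: List[int]) -> int:
    """Order-sensitive hash of k consecutive block IDs into one bitmap slot."""
    h = 0
    for bid in window:
        h = (h * 31 + bid) % MAP_SIZE
    return h

def coverage_keys(trace: List[int], k: int) -> Set[int]:
    """k=2 yields classic edge coverage (adjacent block pairs); k>2 yields
    ordered-sequence coverage, which also ties a block to its non-adjacent
    predecessors inside the window."""
    return {window_index(trace[i:i + k]) for i in range(len(trace) - k + 1)}

def is_new_coverage(seen: Set[int], trace: List[int], k: int) -> bool:
    """Seed-retention test: keep the input if its trace hits an unseen slot,
    then fold the trace's slots into the bitmap."""
    keys = coverage_keys(trace, k)
    fresh = not keys <= seen
    seen.update(keys)
    return fresh

# Constructed traces through a loop whose body takes branch 2 or branch 3:
# both traces exercise exactly the same edges, but in a different order.
TRACE_A = [1, 2, 4, 1, 3, 4]  # branch 2 on the first iteration, then branch 3
TRACE_B = [1, 3, 4, 1, 2, 4]  # branch 3 on the first iteration, then branch 2

def retention_under(k: int) -> Dict[str, bool]:
    """Run A then B through a fresh bitmap and report which seeds are kept."""
    seen: Set[int] = set()
    return {"A": is_new_coverage(seen, TRACE_A, k),
            "B": is_new_coverage(seen, TRACE_B, k)}

if __name__ == "__main__":
    print("edge coverage     :", retention_under(2))  # B is discarded
    print("sequence coverage :", retention_under(3))  # B is retained
```

Under edge coverage (k=2) the second trace adds no new bitmap slot and would be dropped, whereas the k=3 sequence metric records the different block order and keeps it.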