With the rapid development of information technology, the information security situation is becoming increasingly severe and information security incidents occur frequently. Among these incidents, the exploitation of software security vulnerabilities accounts for a certain proportion and may have an extremely serious impact. Fuzz testing is an important vulnerability-mining technique that has been widely applied in many fields. As software grows in size while the testing time available to developers remains limited, parallelization has become a practical way to accelerate fuzz testing. Currently there are two routes for the parallel scaling of fuzz testing: homogeneous parallel scaling and heterogeneous parallel scaling. However, homogeneous parallel scaling suffers from insufficient diversity of test strategies, and heterogeneous parallel scaling suffers from inefficient resource usage and test redundancy; both limit further improvement of testing efficiency. To address these problems, this thesis aims to improve the efficiency of parallel fuzz testing and designs and implements a dynamic-strategy parallel fuzz testing system. The core work is as follows:

(1) The overall framework of the dynamic-strategy parallel fuzz testing system is studied. By analyzing the difficulties of parallel fuzz testing and the advantages and disadvantages of existing solutions, three goals are proposed to improve the overall testing efficiency of the system: improve the information collection capability, improve the efficiency of system resource usage, and optimize the seed selection strategy. An overall framework for the dynamic-strategy parallel fuzz testing system is then designed.

(2) The key technologies of the dynamic-strategy parallel fuzz testing system are studied. For the first goal, information collection and synchronization technology is researched, so that the system can extract fine-grained information and synchronize seed files while the fuzz testing instances are running; this fine-grained information guides the optimization of parallel fuzz testing. For the second goal, dynamic allocation of system resources is researched: the efficiency of each fuzz testing instance in the coming time period is predicted from the historical execution of the test, and the system resources occupied by each instance are adjusted according to the prediction, so that more efficient instances are allocated more system resources. For the third goal, cross-instance seed scheduling is studied: the inverse relationship between seed execution efficiency and the number of seed executions in parallel fuzz testing is analyzed, and fuzz testing instances reduce the selection probability of inefficient seeds through a global database.

(3) Verification experiments for the dynamic-strategy parallel fuzz testing system are designed. The functional verification experiments show that the system can effectively collect information, improve the efficiency of system resource usage, and optimize seed selection strategies. To verify that the system improves testing efficiency, four programs from the Binutils tool set are tested along two dimensions, code coverage and crashes. The results improve on the benchmark: the number of covered paths and the number of crashes after ASAN de-duplication increase by 6.9% and 41.5% respectively. The experiments show that the dynamic-strategy parallel fuzz testing system designed in this thesis can effectively improve testing efficiency.
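As an added illustration of the two scheduling ideas described under (2), resource reallocation driven by a per-instance efficiency forecast and global seed weighting that penalizes seeds executed many times without new coverage, here is a small Python model; it is not code from the thesis, and the EWMA forecast, the smoothing factor `ALPHA`, the core count `TOTAL_CORES` and the weighting formula in `seed_weights` are assumptions of this example, since the abstract does not specify them.

```python
# Added illustration of the thesis's two scheduling ideas (not its code).
# Assumed: instances report new paths per cycle to a global database;
# forecasting uses an EWMA, and ALPHA / TOTAL_CORES are constructed values.
import random
from dataclasses import dataclass, field

ALPHA = 0.5       # EWMA weight on the latest cycle (assumption)
TOTAL_CORES = 8   # cores shared by all fuzzing instances (constructed)


@dataclass
class Instance:
    name: str
    history: list = field(default_factory=list)  # new paths found per cycle
    predicted: float = 0.0                       # forecast new paths per cycle

    def record(self, new_paths: int) -> None:
        """Store one cycle's result and update the efficiency forecast."""
        self.history.append(new_paths)
        prev = self.predicted if len(self.history) > 1 else float(new_paths)
        self.predicted = ALPHA * new_paths + (1 - ALPHA) * prev


def allocate_cores(instances, total=TOTAL_CORES):
    """Every instance keeps one core; spare cores go in proportion to the
    predicted efficiency (largest-remainder rounding keeps the sum exact)."""
    spare = total - len(instances)
    weight = sum(i.predicted for i in instances) or 1.0
    quota = {i.name: spare * i.predicted / weight for i in instances}
    cores = {n: 1 + int(q) for n, q in quota.items()}
    left = total - sum(cores.values())
    for n in sorted(quota, key=lambda n: quota[n] - int(quota[n]), reverse=True)[:left]:
        cores[n] += 1
    return cores


def seed_weights(global_db):
    """global_db: seed id -> (times executed, new paths it yielded).
    Weight decays as a seed is run without paying off, so every instance
    draws inefficient seeds less often."""
    return {sid: (paths + 1) / (runs + 1) for sid, (runs, paths) in global_db.items()}


def pick_seed(global_db, rng=random):
    """Weighted draw of one seed from the global database."""
    weights = seed_weights(global_db)
    return rng.choices(list(weights), weights=list(weights.values()))[0]
```

With three instances whose recent cycles yield about 10, 1 and 5 new paths, the forecast hands the productive instance half of the eight cores while the stalled one keeps only its guaranteed single core.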