利用Fuzzing技术对可信软件栈(TSS)进行软件代码脆弱性以及安全漏洞测试,通过故障注入、畸形数据构造以及异常行为捕获,发现了T SS软件代码中的安全缺陷,根据T SS的系统结构与具体机制,设计并实现了相关测试原型系统,对TSS软件产品进行了测试,实验结果表明:TSS软件产品并不完全符合可信规范的要求,TSS中的若干API功能函数中存在可被利用的安全漏洞。%Fuzzing testing technology is utilized to find security faults and codes vulnerability for TCG software stack (TSS) .By using fault injection ,abnormal data structure and capture abnormal behavior ,security flaws in TSS are found in this paper .According to TSS'structure and specification ,the relevant test prototype system is designed and implemented to test some kinds of TSS products .Experiment results show that TSS products do not fully comply with the requirements of specification ,there are some vulnerability in API functions of TSS .
展开▼
