In traditional fuzz testing, different inputs may repeatedly exercise the same state space, which makes it severely inefficient. This paper presents a directed fuzz-testing technique for binary programs that combines dynamic taint analysis with input field classification. It can perform directed fuzzing of typical security-sensitive operations as well as general module functions, and thereby largely solves the efficiency problem of traditional fuzzing. A prototype system for directed binary fuzzing, TaintedFuzz, was implemented; experiments show that it can efficiently discover typical security vulnerabilities in binary programs.
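To make the idea concrete, the following is an added illustration (not code from the paper or from TaintedFuzz) of the two mechanisms the abstract combines: byte-level taint propagation that records which input offsets reach a security-sensitive operation, and input field classification that groups those offsets into fields so mutations are directed only at them. The record format, function names and the 64-byte destination buffer are all constructed for this example.

```python
"""Taint-directed fuzzing on a toy record format (constructed example)."""
from itertools import groupby

class Tainted:
    """A byte value carrying the set of input offsets it was derived from."""
    def __init__(self, val, taint=frozenset()):
        self.val, self.taint = val, frozenset(taint)

def load(buf, off):
    """Tainted load of one input byte: its taint label is its own offset."""
    return Tainted(buf[off], {off})

def u16_le(buf, off):
    """Little-endian 16-bit read; taint propagates from both source bytes."""
    lo, hi = load(buf, off), load(buf, off + 1)
    return Tainted(lo.val | (hi.val << 8), lo.taint | hi.taint)

SINKS = {}  # sink name -> input offsets that influenced its arguments

def memcpy_sink(name, dst_size, length):
    """Security-sensitive operation: record which input offsets control length."""
    SINKS[name] = SINKS.get(name, frozenset()) | length.taint
    return length.val <= dst_size  # True if the copy stays in bounds

def parse_record(buf):
    """Constructed format: magic(4) | type(1) | length(2, LE) | payload."""
    if bytes(buf[:4]) != b"TFZ1":
        return False
    if load(buf, 4).val not in (1, 2):
        return False
    return memcpy_sink("copy_payload", 64, u16_le(buf, 5))

def fields_for_sink(name):
    """Input field classification: contiguous runs of offsets reaching the sink."""
    offs = sorted(SINKS.get(name, ()))
    runs = []
    for _, grp in groupby(enumerate(offs), lambda p: p[1] - p[0]):
        g = [o for _, o in grp]
        runs.append((g[0], g[-1] + 1))
    return runs

def directed_mutations(seed, name):
    """Mutate only the fields that influence the sink, using boundary values."""
    out = []
    for start, end in fields_for_sink(name):
        for fill in (0x00, 0x7F, 0x80, 0xFF):
            m = bytearray(seed)
            m[start:end] = bytes([fill]) * (end - start)
            out.append(bytes(m))
    return out
```

Running the seed once through `parse_record` populates the sink's taint set; `directed_mutations` then touches only the two length bytes rather than the whole input, which is what avoids re-exploring the same state space with unrelated mutations.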