高级检索

    模糊测试中的静态插桩技术

    Static Instrumentation Techniques in Fuzzing Testing

    • 摘要: 模糊测试是一种行之有效的软件缺陷检测方法. 其基本思想是生成大量随机输入,从而广泛探索程序行为,并以此发现程序崩溃和崩溃背后的软件缺陷. 显然,纯随机的输入无法高效探索程序行为,大量程序缺陷也难以导致崩溃. 为了进一步提升模糊测试的有效性,模糊测试往往引入静态插桩技术,用于加快探索程序状态空间速度,提升发现缺陷的能力.因此,引入静态插桩已经成为当下模糊测试的经典实践. 聚焦于模糊测试场景下的插桩需求,除了介绍静态插桩技术的基本原理外,从安全特性强化和导向信息收集两个视角出发,系统性地分析了当下静态插桩的典型方法. 同时,针对插桩的额外开销问题,全面地测量了不同插桩方案下的程序的执行速度,并与基线的未插桩程序进行比对. 最后基于上述分析和测量,初步展望了静态插桩的优化方向.

       

      Abstract: Fuzzing testing is a well-established method for detecting software defects. Its basic idea is generating a large number of random inputs to explore the program behavior extensively and then to monitor the crashes and reveal the software defects behind the crashes. Obviously, purely random inputs cannot explore program behavior efficiently and a large number of program defects can hardly lead to crashes. To further enhance the effectiveness of fuzzing testing, static instrumentation techniques are often introduced in fuzzing testing to speed up the exploration of the program state space and improve the ability of defect detection. As a result, using static instrumentation has become a de facto practice in fuzzing testing nowadays. In this paper, we focus on the instrumentation requirements under the background of fuzzing testing. Besides introducing the basics of static instrumentation, we systematically analyze the typical schemes of static instrumentation from two perspectives, i.e., security hardening and guidance collection. In addition, we investigate the challenge of execution overhead. Specifically, for a comprehensive set of instrumentation schemes, we measure the execution speed of the instrumented program and compare it to non-instrumented programs of the baseline. Finally, based on the above analyses and measurements, we provide a primitive analysis over the optimization directions of static instrumentation.

       

    /

    返回文章
    返回