高级检索

    CBFuzzer:基于执行上下文导向及保护突破的程序缺陷模糊检测

    CBFuzzer: Fuzzy Detection of Program Defects Based on Execution Context Orientation and Protection Breakthrough

    • 摘要: 大量的应用实践证明了模糊测试用于检测程序脆弱性的有效性. 现有的模糊测试方法缺少针对具体测试任务表现的差异性进行分析并适当地调整测试策略,更多的是采取统一流程导致测试结果差强人意. 有必要根据测试过程中的具体信息对策略进行修正以达到更好的测试表现,提出了一种新的基于执行上下文导向的程序缺陷模糊测试方法,并能突破保护机制,通过捕获并分析受检程序对输入测试用例实际处理过程中的具体上下文信息,快速探索程序结构特征,对样本突变策略进行优化. 同时,在相关算法的基础上实现了基于执行上下文导向的程序缺陷模糊检测原型工具CBFuzzer.实验结果表明,CBFuzzer能有效地实现对程序内部结构的快速探索(包括对保护机制的突破)、非常规程序状态转换的模拟以及更高效的脆弱点暴露. 与对照方法相比,CBFuzzer在脆弱点暴露能力方面有6.8%~36.76%不同程度的提升,实际脆弱点的检出数量提升率最高达到66.67%. 在可接受范围内的少量额外测试资源的投入下,CBFuzzer不仅在常规漏洞类型的检出效果上得到提高,并且对于隐匿性强的漏洞类型有更高的检测能力. 截至2023年8月10日,通过CBFuzzer在13个测试任务中共发现了126个新的漏洞(已报告给软件开发者,并提交给CVE®组织).

       

      Abstract: A large number of application practices have proven the effectiveness of fuzzy testing to detect program vulnerabilities. The existing fuzzy testing methods lack the analysis of differences in performance specific to the testing tasks and adjust testing policies appropriately. Instead, they mostly adopt a unified process, resulting in unsatisfactory testing results. It is necessary to modify the policy based on specific information during the testing process to achieve better testing performance, and a new program defect fuzzy testing method based on execution context orientation is proposed, which can break through the protection mechanism. By capturing and analyzing specific contextual information during the actual processing of input test cases by the tested program, and achieving rapid exploration of program structural features, the sample mutation policy can be optimized. Meanwhile, a prototype tool CBFuzzer for program defect fuzzy detection based on execution context orientation is implemented. The experimental results indicate that CBFuzzer can effectively explore the internal structure of programs (including breakthroughs in protection mechanisms), simulate unconventional program state transitions, and more efficiently expose vulnerability points. By comparison, CBFuzzer shows improvements ranging from 6.8% to 36.76% in terms of vulnerability exposure, with the highest increase in the number of actual vulnerabilities detected reaching up to 66.67%. With the investment of a small amount of additional testing resources within an acceptable range, CBFuzzer not only achieves improved detection performance for regular types of vulnerabilities but also exhibits higher detection capabilities for vulnerabilities with strong concealment. As of August 10, 2023, a total of 126 new vulnerabilities have been identified through the utilization of CBFuzzer in 13 testing tasks (reported to related software developers and submitted to CVE® organization).

       

    /

    返回文章
    返回