PyFuzzer：自动化高效内存模糊测试方法

doi:10.3969/j.issn.1000-436x.2013.Z2.013

通信学报 ›› 2013, Vol. 34 ›› Issue (Z2): 64-68.doi: 10.3969/j.issn.1000-436x.2013.Z2.013

PyFuzzer：自动化高效内存模糊测试方法

李伟明,于俊清,艾少波

华中科技大学网络与计算中心，湖北武汉 430074

出版日期:2013-12-25 发布日期:2017-06-16
基金资助:
国家自然科学基金资助项目

PyFuzzer：automatic in-memory fuzz testing method

Wei-ming LI,Jun-qing YU,Shao-bo AI

Network and Computation Center,Huazhong University of Science and Technology,Wuhan 430074,China

Online:2013-12-25 Published:2017-06-16
Supported by:
The National Natural Science Foundation of China

摘要/Abstract

摘要：

针对传统模糊测试（fuzz testing）耗时、无法绕综合运用静态分析和动态跟踪技术的测试工具—PyFuzzer。整个过程高度自动化，通过WarFTPD、Serv-U等程序过有效性验证等缺陷，提出了基于快速内存模糊测试，进行测试，井和4n FTP Fuzzer进行对比，结果表明PyFuzzer能有效地发掘二进制程序中的各种漏洞，极大地提高了模糊测试的效率。

关键词: 模糊测试, 静态分析, 动态跟踪, 漏洞挖掘

Abstract:

Fuzz Testing is an effective method to mine all kinds of vulnerabilities.But the main drawbacks to current fuzz testing tools are:firstly,it produces high volume testing data and it’s extraordinary time consumption; secondly,if the accessing needs authentication,the greatest part of test data will be abandoned.PyFuzzer,a novel automatic in-memory fuzz testing tool combining static analysis,dynamic analysis and in-memory fuzz testing,was presented.The tool is highly automatic and effective.Compared with 4n FTP Fuzzer in testing WarFTPD and Serv-U,PyFuzzer can discover all vulnerabilities and improve test efficiency greatly.

Key words: fuzz testing, static analysis, dynamic tracking, vulnerabilities excavate

李伟明,于俊清,艾少波. PyFuzzer：自动化高效内存模糊测试方法[J]. 通信学报, 2013, 34(Z2): 64-68.

Wei-ming LI,Jun-qing YU,Shao-bo AI. PyFuzzer：automatic in-memory fuzz testing method[J]. Journal on Communications, 2013, 34(Z2): 64-68.

图/表 6

图1

表1

表2

图2

表3

表4

参考文献 10

[1]	中国国家漏洞库[EB/OL]..2013.
[2]	BARTON M , LOUIS F , BRYAN S . An empirical study of there liability of UNIX utilities[J]. Communications of the Association for Computing Machinery, 1990,33(12): 32-44.
[3]	JUSTIN F , BARTON M . An empirical study of the robustness of Windows NT applications using random testing[A]. Proceedings of the 4th USENIX Windows System Symposium[C]. Berkeley:USENIX Association, 2000. 1-6.
[4]	AITEL D . The Advantage of Block-Based Protocol Analysis for Security Testing[R]. Miami Beach:Immunity Inc, 2002.
[5]	何永君 . 基于动态二进制分析的网络协议逆向解析[D]. 郑州:解放军信息工程大学, 2010. HE Y J . Network Protocol Reverse Parsing Based on Dynamic Binary Analysis[D]. Zhengzhou:PLA Information Engineering University, 2010.
[6]	WANG T , WEI T , GU G ,et al. TaintScope:a checksum-aware directed fuzz testing tool for automatic software vulnerability detection[A]. Proceedings of the IEEE Symposium on Security and Privacy[C]. Oakland,CA, 2010. 497-512.
[7]	SUTTON M , GREENE A , AMINI P . Fuzz testing:Brute Force Vulnerability Discovery[D]. Addison-Wesley Professional, 2007. 13-15.
[8]	IOZZO V . Knowledge fuzz testing[A]. Proceedings of the Black Hat[C]. 2010.
[9]	吴志勇, 夏建军, 孙乐昌 . 多维Fuzz testing技术综述[J]. 计算机应用研究, 2010,27(8): 2810-2872. WU Z Y , XIA J J , SUN L C . Survey of multi-dimensional fuzz testing technology[J]. Application Research of Computers, 2010,27(8): 2810-2872.
[10]	EVANS D , LAROCHELLE D . Improving security using extensible lightweight static analysis[J]. IEEE Software, 2002,19(1): 42-50.

函数	黑名单	污点数据	优先级
strcpy	Y	Y	高
循环拷贝指令	Y	Y	高
fgets	Y	N	中
foo	N	N	低

操作数类型	字符符号
OPERAND_NONE ＂＂	x
OPERAND_IMMEDIATE = ＂Immediate＂	i
OPERAND_REGISTER = ＂Register＂	r
OPERAND_ABSOLUTE_ADDRESS	a
OPERAND_MEMORY = ＂AbsoluteMemory＂	m
OPERAND_FAR_MEMORY = ＂FarMemory＂	f

测试程序	函数数目	危险函数数目	JXX循环拷贝结构	Rep mov
WarFTPD 1.65	1 987	362	6	432
Serv-U build 4.0.0.4	2 392	580	13	719

程序/(工具)	测试结果	漏洞类型
WarFTPD1.65 (PyFuzzer)	CWD,CDUP,DELE,NLST,LIST	DoS
WarFTPD1.65 (PyFuzzer)	USER	Buffer overflow
Serv-U build 4.0.0.4 (PyFuzzer)	SITE CHMOD,MDTM,LIST	Buffer overflow
Serv-U build 4.0.0.4 (PyFuzzer)	XCRC,STOU,DSIZ	DoS
Serv-U build 4.0.0.4 (4n FTP Fuzzer)	SITE CHMOD,MDTM,SMNT	Buffer overflow
Serv-U build 4.0.0.4 (4n FTP Fuzzer)	STOU	DoS

PyFuzzer：自动化高效内存模糊测试方法

PyFuzzer：automatic in-memory fuzz testing method

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 6

参考文献 10

相关文章 10

Metrics

推荐阅读 0

[1]	孙鸿宇,何远,王基策,董颖,朱立鹏,王鹤,张玉清. 人工智能技术在安全漏洞领域的应用[J]. 通信学报, 2018, 39(8): 1-17.
[2]	乐德广,龚声蓉,吴少刚,徐锋,刘文生. RTF数组溢出漏洞挖掘技术研究[J]. 通信学报, 2017, 38(5): 96-107.
[3]	王志强，刘奇旭，张玉清. Android平台NFC应用漏洞挖掘技术研究[J]. 通信学报, 2014, 35(Z2): 16-123.
[4]	陈曦，田有亮，马卓，马建峰. 商业银行移动支付安全研究[J]. 通信学报, 2014, 35(Z2): 18-139.
[5]	王志强,刘奇旭,张玉清. Android平台NFC应用漏洞挖掘技术研究[J]. 通信学报, 2014, 35(Z2): 117-123.
[6]	陈曦,田有亮,马卓,马建峰. 商业银行移动支付安全研究[J]. 通信学报, 2014, 35(Z2): 131-139.
[7]	文伟平,梅瑞,宁戈,汪亮亮. Android恶意软件检测技术分析和应用研究[J]. 通信学报, 2014, 35(8): 78-85.
[8]	文伟平，梅瑞，宁戈，汪亮亮. Android恶意软件检测技术分析和应用研究[J]. 通信学报, 2014, 35(8): 11-85.
[9]	李伟明，于俊清，艾少波. PyFuzzer：自动化高效内存模糊测试方法[J]. 通信学报, 2013, 34(Z2): 13-68.
[10]	张友春,魏强,刘增良,周颖. 信息系统漏洞挖掘技术体系研究[J]. 通信学报, 2011, 32(2): 42-47.