期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于补丁比对的Concolic测试方法 被引量:4

Concolic testing based on patch comparisons
原文传递
导出
摘要 该文提出了一种基于二进制补丁比对的Concolic测试方法,用于对软件进行漏洞分析。该方法将补丁比对技术与Concolic测试方法进行了结合,首先通过补丁比对收集存在漏洞Sink点的程序路径,然后利用该结果指导Concolic测试,从而极大地减少测试的路径数量。研究结果表明:相对于传统的Concolic测试,该方法能够较为有效地指导Concolic测试,能够减少测试路径的数量,降低测试过程中资源的开销,是一种漏洞发现和验证的有效手段。 This paper presents a Concolic testing method based on binary patch comparisons for vulnerability analyses. The patch comparisons find Sink points in the program which are then used in the Concolic testing to reduce the number of tested paths. Tests show that the method more effectively guides the Concolie testing than traditional Concolic testing and greatly reduces the number o{ test paths and the testing cost. This method provides effective vulnerability discovery.
作者 王欣 郭涛 董国伟 邵帅 辛伟
机构地区 中国信息安全测评中心
出处 《清华大学学报(自然科学版)》 EI CAS CSCD 北大核心 2013年第12期1737-1742,共6页 Journal of Tsinghua University(Science and Technology)
基金 国家"八六三"高技术项目(2012AA012903) 国家自然科学基金资助项目(61272493)
关键词 Concolic测试 补丁比对 漏洞分析 Concolic testing patch compare vulnerability analysis
分类号 TP393 [自动化与计算机技术—计算机应用技术]
作者简介 王欣(1985-),男(汉),北京,助理研究员。E—mail.WXitsec@163.com
  • 相关文献

参考文献17

  • 1Sen K, Marinov D, Agha G. CUTE: A concolic unit testing engine for C [C]//Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering. New York, USA: Association for Computing Machinery, 2005 : 263 - 272.
  • 2Flake H. Structural comparison of executable objects [C]// Proceedings of the IEEE Conference on Detection of Intrusions and Malware & Vulnerability Assessment. Dortmund, Germany: IEEE Press, 2004: 161- 174.
  • 3Dullien T, Rolles R. Graph-based comparison of executable objects [J]. Symposium on Security Technology of Information and Communications, 2005, 5: 1 - 3.
  • 4Brumley D, Poosankam P, Song D, et al. Automatic patch-based exploit generation is possible: Techniques and implications [C]// Proceedings of 2008 IEEE Symposium on Security and Privacy. Oakland, USA: IEEE Press, 2008: 143 - 157.
  • 5Cadar C, Dunbar D, Engler D R. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs [C]// Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation. San Diego, USA: USENIX Press, 2008, 8 : 209 - 224.
  • 6Sen K. Concolic testing and constraint satisfaction [C]// Proceedings of the 14th International Conference on Theory and Applications of Satisfiability Testing. Berlin, Germany: Springer, 2011: 3-4.
  • 7Song D, Brumley D, Yin H, et al. BitBlaze: A new approach to computer security via binary analysis [C]// Proceedings of the 4th International Conference on Information Systems Security. Berlin, Germany: Springer, 2008: 1-25.
  • 8Xu R G, Godefroid P, Majumdar R. Testing for buffer overflows with length abstraction [C]// Proceedings of the 2008 International Symposium on Software Testing and Analysis. New York, USA: Association for Computing Machinery, 2008.- 27-38.
  • 9Tillmann N, Schulte W. Unit tests reloaded: Parameterized unit testing with symbolic execution [J]. Software, 2006, 23(4) : 38 - 47.
  • 10Nori A V, Rajamani S K, Tetali S D, et al. The Yogi project: Software property checking via static analysis and testing [C]// Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems. Berlin, Germany: Springer, 2009: 178 - 181.

二级参考文献33

  • 1Pezze M, Young M. Software Testing and Analysis:Process, Principles and Techniques. Hoboken, NJ: John Wiley b- Sons, 2007.
  • 2Emanuelsson P, Nilsson U. A comparative study of industrial static analysis tools. Electronic Notes in Theoretical Computer Science, 2008, 217:5-21.
  • 3Bertolino A. Software testing research: Achievements, challenges, dreams//Proceedings of the Future of Software Engi- neering(FOSE'07). Washington, DC, USA.. IEEE Computer Society, 2007:85-103.
  • 4Godefroid P, Klarlund N, Sen K. DART: Directed automated random testing//Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implemen tation(PLDI'05). New York, NY, USA: ACM, 2005: 213-223.
  • 5Sen K, Marinov D, Agha G. CUTE: A concolic unit testing engine for C//Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering ( ESEC/FSE-13 ). New York, NY, USA: ACM, 2005:263-272.
  • 6Sen K, Agha G. CUTE and Jcute: Concolic unit testing and explicit path model checking tools//Proceedings of the 18th International Conference on Computer Aided Verification (CAVe06). Lecture Notes in Computer Science 4144. Berlin, Heidelberg: Springer, 2006:419-423.
  • 7Burnim J, Sen K. Heuristics for scalable dynamic test gener ation//Proceedings of the 23rd IEEE/ACM International Conference on Automated Software Engineering ( ASE ' 08). Washington, DC, USA: IEEE Computer Society, 2008: 443-446.
  • 8Xu R-G, Godefroid P, Majumdar R. Testing for buffer overflows with length abstraction//Proeeedings of the 2008 International Symposium on Software Testing and Analysis (ISS TA'08). New York, NY, USA: ACM, 2008:27-38.
  • 9Evans D, Larochelle D. Improving security using extensible lightweight static analysis. IEEE Software, 2002, 19 (1) : 42-51.
  • 10Xie Y, Chou A, Engler D. ARCHER: Using symbolic, path-sensitive analysis to detect memory access errors//Proceedings of the 9th European Software Engineering Conference Held Jointly with llth ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/ FSE11). New York, NY, USA: ACM, 2003:327-336.

共引文献21

同被引文献22

引证文献4

二级引证文献5

清华大学学报(自然科学版)
2013年 第12期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
关于我们 | 版权声明 | 联系我们 | 帮助中心| 意见反馈
主办单位:上海市教育委员会
技术支持:重庆维普资讯有限公司
渝公网安备 50019002500403号
使用帮助 返回顶部