Black-box testing based on colorful taint analysis

文献类型: 外文期刊

第一作者: Chen Kai

作者: Chen Kai;Feng DengGuo;Su PuRui;Zhang YingJun;Chen Kai;Zhang YingJun;Chen Kai;Zhang YingJun

作者机构:

关键词: software testing; vulnerability detection; dynamic testing; black-box testing; colorful taint analysis

期刊名称:SCIENCE CHINA-INFORMATION SCIENCES ( 影响因子:4.38; 五年影响因子:2.923 )

ISSN: 1674-733X

年卷期: 2012 年 55 卷 1 期

页码:

收录情况: SCI

摘要: Software vulnerability detection is one of the most important methods for guaranteeing software security. Two main classes of methods can detect vulnerabilities in binary files: white-box testing and black-box testing. The former needs to construct and solve path constraints to detect vulnerabilities. It has two main drawbacks: path exploding and complexity of constraints. The latter often aimlessly exhausts various inputs to test binary files. This paper combines both testing methods to detect vulnerabilities in binary files. By analyzing the input elements that affect check condition corresponding to a certain check point, we can generate one class of inputs that get to the check point to increase fuzzing efficiency. By analyzing the relationship between guard conditions and check condition, the redundant check points are removed. Colorful taint analysis method (CTAM) is proposed to compute guard conditions, which is more efficient than traditional taint analysis method (TTAM). We implemented a prototype and made several experiments on it. The results showed that our method could increase the efficiency of black-box testing.

分类号:

  • 相关文献
作者其他论文 更多>>

微信小程序