Dynamic testing for automatically identifying security vulnerabilities in binary executables has received increasing interest in recent years. In this paper, we present a new automated whitebox fuzzing tool, EWFT (Execution-based Whitebox Fuzzing Tool), which implements dynamic symbolic execution and taint tracing techniques during program execution. Our contributions are: 1) we propose a ROBDD (Reduced Ordered Binary Decision Diagram)-based approach to analyse the execution process, 2) we introduce a new path weight analysis algorithm (PWA) for searching the path space and automating test data generation, and 3) we build a prototype tool that automatically finds software vulnerabilities. Results of our experiments show that execution-based whitebox fuzzing is effective at identifying a variety of security vulnerabilities in real applications. Compared to related work in this research area, it explored deeper program paths on average and achieved higher structural coverage.

Using dynamic testing techniques to detect vulnerabilities in binary programs is a current research focus in the field of vulnerability discovery. Based on dynamic analysis techniques such as dynamic symbolic execution and taint analysis, this paper proposes a method for constructing a symbolic model of the program path space, designs the PWA (Path Weight Analysis) coverage testing algorithm, and implements the EWFT (Execution-based Whitebox Fuzzing Tool) prototype. Experimental results show that EWFT improves the test coverage of the program execution space and the depth of path testing, and that, compared with similar testing tools internationally, it can more effectively detect multiple types of program vulnerabilities in different software.