52ky posted on 2021-6-28 12:51:36

Fuzzing with Code Fragments by Christian Holler, Kim Herzig, Andreas Zeller


Fuzz testing is an automated technique providing random data as input to a software system in the hope to expose a vulnerability. In order to be effective, the fuzzed input must be common enough to pass elementary consistency checks; a JavaScript interpreter, for instance, would only accept a semantically valid program. On the other hand, the fuzzed input must be uncommon enough to trigger exceptional behavior, such as a crash of the interpreter. The LangFuzz approach resolves this conflict by using a grammar to randomly generate valid programs; the code fragments, however, partially stem from programs known to have caused invalid behavior before. LangFuzz is an effective tool for security testing: applied on the Mozilla JavaScript interpreter, it discovered a total of 105 new severe vulnerabilities within three months of operation (and thus became one of the top security bug bounty collectors within this period); applied on the PHP interpreter, it discovered 18 new defects causing crashes.
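The abstract describes two ideas that are easy to miss in prose: generation stays inside the grammar so the interpreter accepts the input, and nonterminals are sometimes filled with fragments lifted from earlier crash-triggering test cases rather than fresh grammar expansions. The following is an added illustration, not code from the paper or from the LangFuzz project: the grammar, the fragment pool, the seeds, and the toy target that "crashes" on deep nesting are all constructed here so it runs offline, and the mutation step matches fragments by exact text where the real tool matches parse subtrees.

```python
"""LangFuzz-style generation and mutation on a constructed toy grammar.

Added example, not the paper's code: grammar, fragment pool and the toy
target are constructed so the whole thing runs offline."""
import random
import re

NONTERMINAL = re.compile(r"<[a-z]+>")

# Constructed toy grammar for a JavaScript-like statement language.  Convention
# relied on by expand(): the first alternative of every rule is the least recursive.
GRAMMAR = {
    "<stmt>": ["var <id> = <expr>;", "<id> = <expr>;",
               "if (<expr>) { <stmt> }", "<stmt> <stmt>"],
    "<expr>": ["<id>", "<num>", "<expr> + <expr>", "(<expr>)", "<id>(<expr>)"],
    "<id>": ["a", "b", "f"],
    "<num>": ["0", "1", "42"],
}

# Constructed fragment pool: pieces of earlier inputs that (in this toy setup)
# crashed the target, keyed by the nonterminal they derive from.  LangFuzz
# builds this pool by parsing real test cases; here it is given directly.
FRAGMENT_POOL = {
    "<expr>": ["f(f(f(0)))", "a + (b + 42)"],
    "<stmt>": ["if (a) { a = f(a); }"],
}


def expand(symbol, rng, pool=FRAGMENT_POOL, p_fragment=0.5, depth=0, max_depth=6):
    """Derive a program from `symbol`.  At each nonterminal, with probability
    p_fragment a learned fragment of that type is spliced in; otherwise a
    grammar rule is chosen.  Past max_depth the first (least recursive)
    alternative is forced so the derivation always terminates."""
    if symbol not in GRAMMAR:
        return symbol                      # terminal text
    fragments = pool.get(symbol, [])
    if fragments and rng.random() < p_fragment:
        return rng.choice(fragments)
    rules = GRAMMAR[symbol]
    rule = rules[0] if depth >= max_depth else rng.choice(rules)
    return NONTERMINAL.sub(
        lambda m: expand(m.group(0), rng, pool, p_fragment, depth + 1, max_depth),
        rule)


def generate(seed, p_fragment=0.5, max_depth=6, pool=FRAGMENT_POOL):
    """Generate one statement from a seeded RNG (deterministic per seed)."""
    return expand("<stmt>", random.Random(seed), pool, p_fragment, 0, max_depth)


def mutate(program, seed, pool=FRAGMENT_POOL):
    """LangFuzz's second mode: take an existing test case, find a fragment the
    pool knows (exact text match here) and replace it with another fragment of
    the same type.  Programs containing no known fragment are returned unchanged."""
    rng = random.Random(seed)
    hits = [(sym, frag) for sym, frags in pool.items()
            for frag in frags if frag in program]
    if not hits:
        return program
    sym, old = rng.choice(hits)
    alternatives = [f for f in pool[sym] if f != old]
    new = rng.choice(alternatives) if alternatives else expand(sym, rng, pool, 0.0)
    return program.replace(old, new, 1)


def toy_target(program):
    """Stand-in for the interpreter under test: 'crashes' (returns True) once
    parentheses nest three deep, the kind of resource-limit defect a fuzzer finds."""
    depth = worst = 0
    for ch in program:
        if ch == "(":
            depth += 1
            worst = max(worst, depth)
        elif ch == ")":
            depth -= 1
    return worst >= 3


def campaign(seed, n, p_fragment=0.5):
    """Generate n programs and return those that crash the toy target."""
    rng = random.Random(seed)
    crashes = []
    for _ in range(n):
        program = expand("<stmt>", rng, p_fragment=p_fragment)
        assert not NONTERMINAL.search(program)   # fully expanded, no markers left
        if toy_target(program):
            crashes.append(program)
    return crashes


if __name__ == "__main__":
    found = campaign(seed=7, n=200)
    print(f"{len(found)} of 200 generated programs crash the toy target")
    for program in found[:3]:
        print("  ", program)
    print("mutated:", mutate("var x = f(f(f(0)));", seed=1))
```

Running the module prints how many of 200 generated statements trip the toy target and one mutated test case. The `p_fragment` knob is the trade-off the abstract names: at 0.0 the generator is a plain grammar fuzzer, at 1.0 it only replays known-bad fragments, and values in between keep inputs valid while biasing them toward constructs that have already misbehaved.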

