(School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 610054)
Keywords: automation; buffer overflow; black-box testing; security vulnerability; vulnerability discovery
New method of software vulnerability detection based on fuzzing
SHAO Lin, ZHANG Xiaosong, SU Enbiao
(School of Computer Application Technology, University of Electronic Science and Technology of China, Chengdu 610054, China)
Existing techniques for detecting buffer overflow vulnerabilities have been narrow, limited to manual analysis, binary patch comparison, fuzzing and so on. These techniques are either too dependent on manual analysis or too blind, which leads to low detection efficiency. This paper introduces a new method of buffer overflow vulnerability detection based on fuzzing, dynamic data-flow analysis and automated exception analysis. By overcoming the disadvantages of the older techniques, the new method effectively improves the detection of potential unknown security vulnerabilities (0-day) in software. In addition, the method is more automated and performs better at finding new security vulnerabilities. ......
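As an added illustration, not taken from the paper, the following Python harness shows the two pieces of the abstract that can be demonstrated in a few dozen lines: black-box mutation fuzzing of a constructed toy parser, and automated exception analysis that buckets crashing inputs by exception type and faulting frame so that many crashes collapse into a few distinct findings. The parser `parse_record`, its hardened form `parse_record_checked`, the buffer size, the seed inputs and the mutation operators are all assumptions made for this example; no real software or vulnerability is involved.

```python
import random
import traceback
from dataclasses import dataclass, field

BUF_SLOTS = 8  # size of the toy target's fixed buffer (constructed)


def parse_record(data: bytes) -> int:
    """Constructed toy target: byte 0 declares the payload length, the rest
    is payload copied into a fixed 8-slot buffer (a stand-in for an
    unchecked stack-buffer copy). The bounds check is deliberately missing."""
    if len(data) < 2:
        raise ValueError("short record")  # graceful rejection, not a bug
    declared = data[0]
    buf = [0] * BUF_SLOTS
    for i in range(declared):  # BUG: trusts the declared length
        buf[i] = data[1 + i]  # IndexError once past buf or the input
    return sum(buf)


def parse_record_checked(data: bytes) -> int:
    """Hardened form of the same parser: rejects any declared length that
    exceeds the buffer or the bytes actually present."""
    if len(data) < 2:
        raise ValueError("short record")
    declared = data[0]
    if declared > BUF_SLOTS or declared > len(data) - 1:
        raise ValueError("declared length exceeds buffer or input")
    buf = [0] * BUF_SLOTS
    for i in range(declared):
        buf[i] = data[1 + i]
    return sum(buf)


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """One black-box mutation: bit flip, interesting byte, insert, or delete."""
    data = bytearray(seed)
    op = rng.randrange(4)
    if op == 0 and data:
        i = rng.randrange(len(data))
        data[i] ^= 1 << rng.randrange(8)
    elif op == 1 and data:
        i = rng.randrange(len(data))
        data[i] = rng.choice([0x00, 0x01, 0x7F, 0x80, 0xFF])
    elif op == 2:
        i = rng.randrange(len(data) + 1)
        data[i:i] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 9)))
    elif data:
        i = rng.randrange(len(data))
        del data[i]
    return bytes(data)


@dataclass
class FuzzReport:
    executions: int = 0
    graceful: int = 0  # expected exceptions raised by input validation
    findings: dict = field(default_factory=dict)  # bucket -> shortest input


def classify(exc: BaseException):
    """Automated exception analysis: bucket by exception type and innermost
    frame so that many crashing inputs collapse to a few distinct faults."""
    frame = traceback.extract_tb(exc.__traceback__)[-1]
    return (type(exc).__name__, frame.name, frame.lineno)


def fuzz(target, seeds, iterations, rng_seed=0, expected=(ValueError,)) -> FuzzReport:
    """Run `iterations` mutated inputs through `target`, recording each
    unexpected exception under its bucket with the shortest input seen."""
    rng = random.Random(rng_seed)  # fixed seed keeps the campaign reproducible
    report = FuzzReport()
    for _ in range(iterations):
        data = mutate(rng.choice(seeds), rng)
        report.executions += 1
        try:
            target(data)
        except expected:
            report.graceful += 1
        except Exception as exc:  # anything else is a candidate bug
            key = classify(exc)
            best = report.findings.get(key)
            if best is None or len(data) < len(best):
                report.findings[key] = data
    return report


if __name__ == "__main__":
    for fn in (parse_record, parse_record_checked):
        r = fuzz(fn, [b"\x03abc"], 500, rng_seed=7)
        print(fn.__name__, "executions:", r.executions, "graceful:", r.graceful)
        for key, data in r.findings.items():
            print("  finding", key, "shortest input", data.hex())
```

Running the harness against the unchecked parser yields a single `IndexError` bucket despite hundreds of distinct crashing inputs, while the hardened parser produces only graceful `ValueError` rejections and no findings; the data-flow analysis the paper describes would sit between the crash and the bucket, tracing which input bytes reached the faulting copy.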