Computer Engineering & Science, 2011, Vol. 33, Issue 4: 69-74, 6. DOI: 10.3969/j.issn.1007-130X.2011.04.013
Hunter: An ISA-Independent Binary-Level Dynamic Test Case Generation Technique
Hunter: ISA-Independent Binary Level Dynamic Test Generation
Abstract
The dynamic test generation approach is becoming increasingly popular for finding security vulnerabilities in software. More and more research institutes and organizations use this approach to find security vulnerabilities in binary code. However, the existing binary-level dynamic test generation approaches and tools are not retargetable, and can only find vulnerabilities in binaries for a specific ISA. This paper presents a new binary-level dynamic test generation technique and a tool, Hunter, which implements this technique. Unlike other such techniques that can operate only on binaries for a specific ISA, Hunter takes the binaries of any ISA as input and dynamically generates new inputs that exercise different control paths in the program, which may lead to security vulnerabilities. Hunter defines a meta instruction set architecture (MetaISA); Hunter maps the execution information, which is collected during execution of the binary, to MetaISA; and symbolic execution, constraint collection and constraint solving operate on MetaISA, thus making these processes ISA-independent. We have implemented Hunter, retargeted it to the 32-bit x86, PowerPC and Sparc ISAs, and used it to automatically find the six known bugs in six benchmarks. Our results indicate that Hunter can easily be retargeted to any ISA with only a small amount of additional work, and that Hunter can effectively find bugs located deep within large applications from their binaries for the 32-bit x86, PowerPC or Sparc ISA.
Keywords
dynamic test generation / retargeting / ISA-independent
Key words
dynamic test generation / retargeting / ISA-independent
Li Gen (李根), Lu Kai (卢凯), Zhang Ying (张英), Lu Xicheng (卢锡城), Feng Hua (冯华), Zhang Wei (张巍). Hunter: An ISA-Independent Binary-Level Dynamic Test Case Generation Technique [J]. Computer Engineering & Science, 2011, 33(4): 69-74, 6.
Funding
National 973 Program of China (2005CB321801)