计算机应用与软件Issue(2):303-306,4.DOI:10.3969/j.issn.1000-386x.2014.02.081
基于符号执行的测试数据生成方法的研究与设计
RESEARCH AND DESIGN OF SYMBOL EXECUTION-BASED TEST DATA GENERATION METHOD
赵跃华 1阚俊杰1
作者信息
- 1. 江苏大学计算机科学与通信工程学院 江苏 镇江212013
- 折叠
摘要
Abstract
The research on software vulnerabilities is one of the most important branches in information security.The main vulnerability discovery method is to input the elaborately structured test data to the program to trigger the vulnerability.So one can see that how to generate the test data is the key of the technology and the key for successful vulnerability discovery.Based on the analysis of existence principle of the vulnerability and triggering condition,we present a kind of more efficient test data generation method.In this method,the trigger points of the vulnerabilities are located by unsafe functions,the trigger paths are determined by mixed traversal in depth and width,and the trigger condi-tions of the vulnerabilities are determined by symbols execution technology,at last the test data are generated on the basis of these conditions. The test data formed in this way become more targeted,and the coverage rate of the code is raised as well,consequently the efficiency and ac-curacy of software vulnerability discovery can be increased.Experimental results show that the method has good efficiency and accuracy.关键词
测试数据生成/不安全函数/混合遍历/符号执行技术/漏洞挖掘Key words
Test data generation/Unsafe functions/Mixed traversal/Symbols execution technology/Vulnerability discover分类
信息技术与安全科学引用本文复制引用
赵跃华,阚俊杰..基于符号执行的测试数据生成方法的研究与设计[J].计算机应用与软件,2014,(2):303-306,4.
