网络与信息安全学报2024,Vol.10Issue(1):1-21,21.DOI:10.11959/j.issn.2096-109x.2024001
进化内核模糊测试研究综述
Survey of evolutionary kernel fuzzing
摘要
Abstract
Fuzzing is a technique that was used to detect potential vulnerabilities and errors in software or systems by generating random,abnormal,or invalid test cases.When applying fuzzing to the kernel,more complex and challenging obstacles were encountered compared to user-space applications.The kernel,being a highly intricate software system,consists of numerous interconnected modules,subsystems,and device drivers,which presented challenges such as a massive codebase,complex interfaces,and runtime uncertainty.Traditional fuzzing methods could only generate inputs that simply satisfied interface specifications and explicit call dependencies,making it difficult to thoroughly explore the kernel.In contrast,evolutionary kernel fuzzing employed heuristic evolutionary strategies to dynamically adjust the generation and selection of test cases,guided by feedback mechanisms.This iterative process aimed to generate higher-quality test cases.Existing work on evolutionary kernel fuzzing was examined.The concept of evolutionary kernel fuzzing was explained,and its general framework was summarized.The existing work on evolutionary kernel fuzzing was classified and compared based on the type of feedback mechanism utilized.The principles of how feedback mechanisms guided evolution were analyzed from the perspectives of collecting,analyzing,and utilizing runtime information.Additionally,the development direction of evolutionary kernel fuzzing was discussed.关键词
内核/模糊测试/进化/反馈Key words
kernel/fuzzing/evolutionary/feedback分类
信息技术与安全科学引用本文复制引用
侍言,羌卫中,邹德清,金海..进化内核模糊测试研究综述[J].网络与信息安全学报,2024,10(1):1-21,21.基金项目
国家自然科学基金(62272181) (62272181)
国家通用技术基础研究联合基金(U1936211)The National Natural Science Foundation of China(62272181),The Joint Funds of the National Natural Science Foundation of China(U1936211) (U1936211)
