密码算法库模糊测试技术研究综述OA北大核心CSTPCD

The cryptographic algorithm library is a fundamental software library that provides various cryptographic related functions such as encryption,decryption,signature,and verification.In order to ensure the security of network transmission,many system software use cryptographic algorithm libraries to protect data security,to ensure that data is not maliciously stolen or exploited.However,in the implementation process of cryptographic algorithm libraries,vulnerabilities are often introduced,which can lead to memory crashes or encryption logic failures when using functions in the library,greatly affecting the security and availability of the system.Fuzz testing is an effective technique for detecting software implementation vulnerabilities.It generates a large amount of test inputs,observes the feedback of the tested software,and then detects the vulnerabilities.This technology has been applied in cryptographic algorithm libraries,and many vulnerabilities have been discovered in commonly used cryptographic algorithm libraries such as OpenSSL,SymCrypt,and Crypto++.This paper analyzes the main difficulties in conducting efficient testing on cryptographic algorithm libraries,proposes the requirements for conducting fuzz testing on cryptographic algorithm libraries,and presents the main challenges faced by cryptographic algorithm library fuzz testing tools.This paper also analyzes and evaluates the 6 commonly used fuzz testing tools for cryptographic algorithm libraries.Finally,based on the performance of current tools in evaluating metrics such as vulnerability mining ability,code coverage,and input validity,this paper proposes some possible research directions and optimization strategies for fuzz testing of cryptographic algorithm libraries.