Journal of Information Engineering University (信息工程大学学报), 2025, Vol. 26, Issue (4): 485-490, 6. DOI: 10.3969/j.issn.1671-0673.XXXX.XX.001
Fuzzing for Web Interface of Devices Based on Reverse Taint Analysis
Abstract
To address the problem that existing fuzzing techniques for IoT device Web interfaces are insensitive to dangerous functions and struggle to satisfy the dependencies between parameters, an IoT device Web interface fuzzing method combined with reverse taint analysis is proposed. Firstly, a reaching definition analysis is performed on the path from the parameters of dangerous functions to the request parameters through reverse taint analysis, filtering out the request parameters that cannot trigger the dangerous functions. Secondly, test cases are constructed to conform to the characteristics of different types of vulnerabilities based on the defined test case generation rules. Finally, an anomaly detection method based on remote debugging is used to assist in confirming the vulnerabilities. The experimental results show that, in terms of reverse taint analysis, the number of parameters extracted by this method is reduced by 34.3% compared with that of SaTC. In terms of vulnerability detection, this method detects 23 public vulnerabilities, three of which are vulnerabilities with control-dependent parameters, and the vulnerability detection time is less than that of Boofuzz, which verifies the effectiveness of the method.
Key words
IoT devices/dangerous function/taint analysis/fuzzing/vulnerability detection
Classification
Information technology and security science
Cite this article
邵启龙, 董卫宇, 马航. Fuzzing for Web Interface of Devices Based on Reverse Taint Analysis [J]. Journal of Information Engineering University, 2025, 26(4): 485-490, 6.