
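Parallel fuzzing: a survey (并行化模糊测试研究综述)
Cite this article: ZHANG Xuhong (张旭鸿), LIANG Hong (梁红), XIA Yifan (夏亦凡), PU Yuwen (蒲誉文), JI Shouling (纪守领). Parallel fuzzing: a survey [J]. Economic & Trade Update (时代经贸), 2022, 0(1): 24-42
Authors: ZHANG Xuhong (张旭鸿)  LIANG Hong (梁红)  XIA Yifan (夏亦凡)  PU Yuwen (蒲誉文)  JI Shouling (纪守领)
Affiliations: School of Software Technology, Zhejiang University, Ningbo, Zhejiang 315048; College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang 310007; School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan, Hubei 430040
Abstract (translated from the Chinese): As the new generation of network information technology continues to advance, software has gradually expanded from stand-alone scenarios to emerging areas such as mobile terminals, Internet of Things devices, industrial control equipment, and cloud computing platforms, driving the development of information infrastructure. However, application software varies widely in quality, which gives hacker organizations an opening. The number of event-type vulnerabilities and high-risk zero-day vulnerabilities is rising, and how to discover software vulnerabilities efficiently and accurately is a pressing problem. To detect vulnerabilities quickly, fuzzing has attracted much attention: it is simple to deploy, highly automated, and broadly compatible, and it analyzes the weaknesses of a target program by supplying large numbers of input samples. Existing fuzzing usually runs in a single-processor environment, with drawbacks such as long run times for a single detection task, low utilization of computing resources, and poor sustainability. Parallel fuzzing has therefore been well received since it was proposed. Academia and industry have analyzed in depth the problems of task partitioning, data storage, and communication under parallel architectures and have designed a series of implementation methods. This paper systematically summarizes the challenges fuzzing currently faces, outlines the current need for parallelizing fuzzing, compares and analyzes the strengths and weaknesses of existing parallel fuzzing schemes, and discusses future trends for parallel fuzzing in high-performance computing scenarios.

Keywords: software testing; fuzzing; vulnerability detection; parallel computing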

Parallel fuzzing: a survey
ZHANG Xuhong, LIANG Hong, XIA Yifan, PU Yuwen, JI Shouling. Parallel fuzzing: a survey [J]. Economic & Trade Update, 2022, 0(1): 24-42
Authors: ZHANG Xuhong  LIANG Hong  XIA Yifan  PU Yuwen  JI Shouling
Affiliation: School of Software Technology, Zhejiang University, Ningbo 315048, China; College of Computer Science and Technology, Zhejiang University, Hangzhou 310007, China; School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan 430040, China
Abstract: With continuous innovation and breakthroughs in the new generation of network information technology, software systems have gradually extended from stand-alone scenarios to mobile terminals, Internet of Things devices, industrial control equipment, cloud computing platforms, and other emerging areas, promoting the development of information technology infrastructure. However, software applications are of varying quality, making them vulnerable to attacks from hacker organizations. Given the increasing number of event-based vulnerabilities and high-risk zero-day vulnerabilities, there is strong demand for finding software vulnerabilities efficiently and accurately. As a way to detect vulnerabilities quickly, fuzzing has attracted much attention. It finds bugs by repeatedly feeding mutated inputs to a target program, with the benefits of simple deployment, high automation, and good compatibility. However, existing fuzzing is usually performed in a single-processor environment, which suffers from significant time overhead, low computational resource utilization, and poor sustainability. Parallel fuzzing has therefore been proposed and has gained much attention. Academia and industry have conducted in-depth research on parallel fuzzing and designed a series of methods for task division, data storage, and communication under the parallel architecture. This work systematically summarizes the current challenges in the fuzzing process, outlines the needs of parallel fuzzing, and then focuses on comparing and analyzing the advantages and disadvantages of each parallel fuzzing scheme. Finally, it discusses future trends for parallel fuzzing in high-performance computing scenarios.