Parallel fuzzing: a survey

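Author biography:

Zhang Xuhong (张旭鸿) (born 1988), male, Ph.D., research fellow; research interests include artificial intelligence and security, data-driven software and system security, and big data systems and analytics.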

CLC number:

TP311

Abstract:

With continuous innovation and breakthroughs in the new generation of network information technology, software has gradually extended from stand-alone scenarios to mobile terminals, Internet of Things devices, industrial control equipment, cloud computing platforms, and other emerging areas, promoting the construction of information infrastructure. However, application software is of uneven quality, which gives hacker organizations an opening to attack. With the number of event-based vulnerabilities and high-risk zero-day vulnerabilities rising, how to discover software vulnerabilities efficiently and accurately is a pressing problem. To detect vulnerabilities quickly, fuzzing has attracted much attention. It is simple to deploy, highly automated, and broadly compatible, and it analyzes the target program for weaknesses by repeatedly feeding it large numbers of mutated inputs. However, existing fuzzing is usually performed in a single-processor environment, where a single testing task takes a long time, computing resources are poorly utilized, and sustainability is poor. Parallel fuzzing has therefore attracted much attention since it was proposed. Academia and industry have studied in depth the problems of task division, data storage, and communication under parallel architectures and have designed a series of methods to address them. This work systematically summarizes the current challenges facing fuzzing, outlines the present need for parallelization, compares and analyzes the advantages and disadvantages of existing parallel fuzzing schemes, and discusses future trends of parallel fuzzing in high-performance computing scenarios.

History
  • Online publication date: 2022-07-11