CN115080978A - Runtime vulnerability detection method and system based on fuzzy test - Google Patents

Runtime vulnerability detection method and system based on fuzzy test Download PDF

Info

Publication number
CN115080978A
CN115080978A CN202210548927.3A CN202210548927A CN115080978A CN 115080978 A CN115080978 A CN 115080978A CN 202210548927 A CN202210548927 A CN 202210548927A CN 115080978 A CN115080978 A CN 115080978A
Authority
CN
China
Prior art keywords
program
programs
runtime
target
test
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210548927.3A
Other languages
Chinese (zh)
Inventor
徐驰
王奕童
刘烨庞
王斯南
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southern University of Science and Technology
Original Assignee
Southern University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southern University of Science and Technology filed Critical Southern University of Science and Technology
Priority to CN202210548927.3A priority Critical patent/CN115080978A/en
Publication of CN115080978A publication Critical patent/CN115080978A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3684Test management for test design, e.g. generating new test cases

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Computing Systems (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a runtime vulnerability detection method and a runtime vulnerability detection system based on fuzzy test, wherein the method comprises the following steps: performing variation processing on a plurality of source programs subjected to effectiveness analysis processing based on a preset algorithm to obtain a plurality of first program variants, performing effectiveness analysis on the plurality of first program variants to obtain a plurality of non-equivalent variants, and further obtaining a test program set comprising the source programs; and obtaining a plurality of operation results corresponding to the test program set according to the test program set and a plurality of preset operation times, and further determining a plurality of bugs in the operation times according to the plurality of operation results. According to the embodiment of the invention, the obtained target program coverage rate is higher by analyzing and processing the effectiveness of the source program in the WebAssembly running environment, a plurality of running results are obtained by inputting the mutated program to different running processes, and the vulnerability is determined by analyzing the plurality of running results, so that the detection stability and accuracy of the vulnerability are improved.

Description

Runtime vulnerability detection method and system based on fuzzy test
Technical Field
The invention relates to the technical field of software testing, in particular to a runtime vulnerability detection method and system based on fuzzy testing.
Background
At present, the performance requirements of web applications are gradually increased, but due to the limitations of dynamic scripting languages such as JavaScript, the operation of applications encounters a serious performance bottleneck, so that a plurality of browser manufacturers first propose a WebAssembly technology (Wasm for short) in 2015 to solve the performance problem. The WebAssembly is a brand-new binary format with small operation volume, high loading efficiency, strong portability and better Web compatibility, and can conveniently operate codes of high-level languages such as C, C + +, Rust and the like in local client environments such as browsers and the like by using the native performance of hardware, thereby bringing performance innovation for the operation of webpage application programs. At present, the technical field of WebAssembly has various realization supports for WebAssembly operating environment, which can be roughly divided into two types: local virtual machine implementations, such as WAVM, wasm3, wasmer; the browser is realized by a WebAssembly running environment built in a mainstream browser such as Chrome, Firefox and the like. However, many implementations of the operating environment may trigger inconsistencies in behavior and related vulnerabilities, thereby creating security concerns. Therefore, applying a test means to detect the vulnerability of the WebAssembly operating environment is an important issue in the technical field of WebAssembly nowadays.
However, the existing implementation scheme of the WebAssembly vulnerability detection technology has a plurality of defects, so that the vulnerability detection of the WebAssembly operating environment has the problems of poor stability and low accuracy.
Thus, there is still a need for improvement and development of the prior art.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a runtime vulnerability detection method based on fuzzy test aiming at the defects in the prior art, and the method aims to solve the problems of poor stability and low accuracy of vulnerability detection of WebAssembly running environment caused by a plurality of defects in the implementation scheme of WebAssembly vulnerability detection technology in the prior art.
The technical scheme adopted by the invention for solving the problems is as follows:
in a first aspect, an embodiment of the present invention provides a runtime vulnerability detection method based on a fuzzy test, where the method includes:
acquiring a plurality of source programs, and carrying out effectiveness analysis processing on the source programs to obtain a plurality of target programs;
performing variation processing on the target programs based on a preset algorithm to obtain a plurality of first program variants, performing effectiveness analysis on the first program variants to obtain a plurality of non-equivalent variants, and obtaining a test program set according to the non-equivalent variants and the target programs;
obtaining a plurality of operation results corresponding to the test program set according to the test program set and a plurality of preset operation times, analyzing the operation results and determining a plurality of bugs in the operation times; wherein the runtime is used to characterize the carrier of the program runtime.
In one implementation, the analyzing the effectiveness of the plurality of source programs to obtain a plurality of target programs includes:
repeatedly executing static analysis on the source programs to obtain a plurality of first programs, executing and detecting the code coverage rate of the first programs, and generating a plurality of access parameters; wherein the entries are used to characterize test cases; a plurality of the ginseng entering assemblies form a ginseng entering assembly;
when a plurality of first programs detected by code coverage rate meet a preset condition, stopping executing the step of performing static analysis on a plurality of source programs, and taking the plurality of first programs meeting the condition as a plurality of target programs, wherein each target program corresponds to one input parameter set;
compiling and instrumentation the target program aiming at each target program, and running the compiled and instrumented target program based on reference running to obtain a first tracking file corresponding to each target program; wherein the reference runtime is one of the plurality of runtimes; the first tracking file is a file for recording the running sequence of the instrumentation program.
In one implementation, the mutating the target programs based on a predetermined algorithm to obtain first program variants includes:
acquiring an initial time value;
randomly acquiring a random number in a preset range;
randomly selecting a first mutation operator in a preset mutation operator set based on priority, and acquiring an index value of the first mutation operator;
randomly selecting a first target program from a plurality of target programs;
randomly selecting a second mutation operator in a preset mutation operator set based on priority, and acquiring an index value of the second mutation operator;
obtaining a receiving probability value according to the index value of the first mutation operator, the index value of the second mutation operator and the first target program based on a preset Metterol Boris-Heisothian algorithm formula; wherein the reception probability value is used to characterize a probability of a reception function;
for each of the target programs; when the receiving probability value is larger than or equal to the random number, carrying out mutation on each target program by adopting the second mutation operator to obtain a plurality of first program variants corresponding to each target program; wherein the access parameter set of a number of said first program variants is the same as the access parameter set of each said target program.
In one implementation, the obtaining a reception probability value according to the index value of the first mutation operator, the index value of the second mutation operator, and the first target program based on the preset metterol bolis-blacksmith algorithm formula further includes:
and when the receiving probability value is smaller than the random number, continuing to perform the step of randomly selecting a second mutation operator in a preset mutation operator set based on the priority and acquiring the index value of the second mutation operator.
In one implementation, the analyzing the effectiveness of the first program variants to obtain non-equivalent variants, and obtaining the test program set according to the non-equivalent variants and the target programs includes:
storing a plurality of target programs into the test program set;
for each first program variant, compiling and instrumentation the first program variant to obtain a second program variant corresponding to each first program variant, running the second program variant based on reference running to obtain a second trace file corresponding to each first program variant, when the second trace file is different from the first trace file, taking the first program variant corresponding to the second trace file as a non-equivalent variant, adding the non-equivalent variant to a test program set, increasing the index value of the second mutation operator by 1, and sequencing mutation operators in the mutation operator set from high to low according to priority, wherein the input parameter set of the second program variant is the same as the input parameter set of each first program variant;
obtaining an intermediate time value, and subtracting the initial time value from the intermediate time value to obtain a time difference;
when the time difference is smaller than a preset maximum time threshold, repeatedly executing the step of randomly selecting a first target program from the plurality of target programs;
and outputting a test program set when the time difference is equal to the maximum time threshold.
In one implementation, the number of runtimes includes a first runtime, a second runtime, and a third runtime; the obtaining a plurality of operation results corresponding to the test program set according to the test program set and a plurality of preset operations includes:
inputting the test program set into a first runtime for running, and outputting a first running result through the first runtime;
compiling the test programs in the test program set;
inputting the compiled test program set into a second operation to operate, and obtaining a second operation result;
and inputting the compiled test program set to a third operation for operation to obtain a third operation result.
In one implementation, the analyzing the plurality of operation results and the determining the plurality of runtime vulnerabilities includes:
when the second operation result is different from the first operation result, determining that a bug exists in the second operation, and outputting the bug;
when the third operation result is different from the first operation result, determining that a vulnerability exists in the third operation, and outputting the vulnerability;
and when the second operation result is different from the third operation result, acquiring a vulnerability identification result of a preset person, and when the vulnerability identification result indicates that a vulnerability exists, outputting the vulnerability.
In a second aspect, an embodiment of the present invention further provides a runtime vulnerability detection system based on a fuzzy test, where the system includes: the target program acquisition module is used for acquiring a plurality of source programs and carrying out effectiveness analysis processing on the source programs to obtain a plurality of target programs;
the program variation module is used for performing variation processing on the target programs based on a preset algorithm to obtain a plurality of first program variants, performing effectiveness analysis on the first program variants to obtain a plurality of non-equivalent variants, and obtaining a test program set according to the non-equivalent variants and the target programs;
the vulnerability determining module is used for obtaining a plurality of operation results corresponding to the test program set according to the test program set and a plurality of preset operation times, analyzing the operation results and determining a plurality of vulnerability during the operation; wherein the runtime is used to characterize the carrier of the program runtime.
In a third aspect, an embodiment of the present invention further provides an intelligent terminal, which includes a memory and one or more programs, where the one or more programs are stored in the memory, and the one or more programs are configured to be executed by the one or more processors, and include a function for executing the fuzz-test-based runtime vulnerability detection method as described in any of the above items.
In a fourth aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium, where instructions in the storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the fuzz test-based runtime vulnerability detection method as described in any one of the above.
The invention has the beneficial effects that: the method comprises the steps of firstly obtaining a plurality of source programs, and carrying out effectiveness analysis processing on the source programs to obtain a plurality of target programs; then, based on a preset algorithm, carrying out mutation processing on the target programs to obtain a plurality of first program variants, carrying out effectiveness analysis on the first program variants to obtain a plurality of non-equivalent variants, and obtaining a test program set according to the non-equivalent variants and the target programs; finally, obtaining a plurality of operation results corresponding to the test program set according to the test program set and a plurality of preset operation times, analyzing the operation results and determining a plurality of bugs in the operation times; wherein the runtime is used for characterizing a carrier of program execution; therefore, in the WebAssembly operating environment, the coverage rate of the obtained target program is higher by analyzing the effectiveness of the source program, the mutated program is input to different operation times to obtain a plurality of operation results, and the vulnerability is determined by analyzing the plurality of operation results, so that the detection stability and accuracy of the vulnerability are improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flow chart of a runtime vulnerability detection method based on a fuzzy test according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of an overall test flow provided in the embodiment of the present invention.
Fig. 3 is a flowchart of a mutation algorithm according to an embodiment of the present invention.
Fig. 4 is a flowchart of a variation test according to an embodiment of the present invention.
Fig. 5 is a schematic block diagram of a runtime vulnerability detection system based on a fuzz test according to an embodiment of the present invention.
Fig. 6 is a schematic block diagram of an internal structure of an intelligent terminal according to an embodiment of the present invention.
Detailed Description
The invention discloses a runtime vulnerability detection method and system based on fuzzy test, which are further described in detail below with reference to the accompanying drawings and embodiments in order to make the purpose, technical scheme and effect of the invention clearer and clearer. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
As used herein, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
In the prior art, the existing software testing system has a better technical background for solving the problem of vulnerability detection of WebAssembly. Existing software testing systems have many technical categories, such as fuzzy testing for discovering software bugs by providing unexpected input to a target system and monitoring abnormal results, metamorphic testing capable of solving difficult-to-construct test prediction problems, mutation testing based on well-defined improved program source code, and the like, which provide possibilities for bug detection of WebAssembly operating environments. Moreover, the existing software technology provides more technical support for the development of automatic vulnerability detection of WebAssembly, such as a more complete automatic testing tool or algorithm based on other virtual machines such as JVM, a gray box testing tool based on AFL and its extension, a syntactic structure analysis tool for a source program based on an abstract syntax tree matching algorithm, a fuzzy testing vulnerability mining tool based on coverage rate, and the like.
The implementation scheme of vulnerability detection of WebAssembly is mainly to apply a random mutation strategy at a bit level, such as inverting, adding or deleting a specific bit to form a variant. This method can detect certain run-time inconsistencies in certain situations, but still suffers from a number of deficiencies. Firstly, bit-oriented operation in the existing implementation scheme is too low-level, and because the WebAssembly binary file needs to comply with a strict format, the formed variant cannot pass byte code verification of the virtual machine at the initial stage of operation, and behavior inconsistency occurring in the execution process of the virtual machine is difficult to trigger; secondly, the existing implementation scheme lacks of syntax structure analysis on the binary format of the WebAssembly, so that the automatically generated test case is very easy to cause the function calling and the original function declaration to be mismatched, does not conform to the corresponding calling interface, causes the mutation to be invalid, and generates a large number of invalid variants; thirdly, bit-oriented operation is not easy to effectively increase branch coverage in the implementation of the WebAssembly operating environment, and the detection of corresponding vulnerabilities in the WebAssembly operating environment is difficult to implement.
In order to solve the problems in the prior art, the present embodiment provides a runtime vulnerability detection method based on a fuzzy test, in which an obtained target program coverage rate is higher by performing validity analysis processing on a source program in a WebAssembly runtime environment, a plurality of runtime results are obtained by inputting a mutated program into different runtimes, and a vulnerability is determined by analyzing the plurality of runtime results, so that the vulnerability detection stability and accuracy are improved. When the method is specifically implemented, firstly, a plurality of source programs are obtained, and effectiveness analysis processing is carried out on the source programs to obtain a plurality of target programs; then, based on a preset algorithm, carrying out mutation processing on the target programs to obtain a plurality of first program variants, and obtaining a plurality of operation results corresponding to the first program variants according to the first program variants and preset operation; wherein the runtime is used for characterizing a carrier of program execution; and finally, analyzing the operation results to determine the vulnerabilities in the operation.
Illustrate by way of example
The runtime implementation of the WebAssembly is divided into a virtual machine and a browser, for example, the virtual machine is implemented by a WAVM, a wasmer and the like, and the browser is implemented by a mainstream browser such as a Chrome, an Edge and the like to provide internal implementation support of a runtime environment. The method has the advantages that the differences of the method and the system on the support of the application program of the WebAssembly have multiple aspects, for example, in the support of the large-scale automatic test, as compared with a browser environment, the operation of the WebAssembly in the local virtual machine does not need a JS glue file for bridging, the large-scale automatic test operation of the WebAssembly operation environment is easier to realize on the virtual machine; regarding the limited aspect of the operating environment, the WebAssembly program cannot access the local file system and the like when executed on the browser because the operating environment of the browser has a sandboxed security isolation mechanism. These factors may result in inconsistent behavior from run to run for the same WebAssembly source program.
The existing vulnerability detection technology in runtime has not provided corresponding complete framework support in the WebAssembly runtime field, for example, a Java virtual machine running a binary byte code file has coverage-based framework technical support for fuzzy test and differential test, but has not provided such complete technical background in WebAssembly runtime. The lack of technical background is mainly due to two aspects, namely, on the one hand, the imperfection in the automated testing infrastructure and on the other hand, the deficiency in the targeted upper-layer algorithm. The former includes analysis, automatic generation, large-scale operation, output result comparison and the like of test cases; for the latter, there is metamorphic relation EMI proposed by scholars for high-level language optimization, and a bytecode variation scheme based on a random markov chain for JVM language. These technical deficiencies are all technical challenges that the present invention addresses.
For a WebAssembly program which is partially compiled and originated from a high-level language, the behaviors of the WebAssembly program are possibly related to the specific implementation of a compiler, and undefined behaviors are possibly existed, so that the inconsistency of the behaviors is triggered and related vulnerabilities exist in the runtime.
Considering that the direct syntax analysis of the binary file of the WebAssembly program is difficult to detect the coverage rate and effectively mutate, the traditional bit-oriented underlying mutation strategy to generate the test case is not an efficient solution.
Exemplary method
The embodiment provides a runtime vulnerability detection method based on a fuzzy test, and the method can be applied to an intelligent terminal for software testing. As shown in fig. 1 in detail, the method includes:
s100, obtaining a plurality of source programs, and carrying out effectiveness analysis processing on the source programs to obtain a plurality of target programs;
specifically, although a decompilation tool oriented to a WebAssembly binary format file is available at present, complete analysis of information such as semantics and behaviors of codes is not yet fully supported. The technical problem is brought to vulnerability detection during the operation of the WebAssembly, for example, under the condition of lacking grammar structure information, the automatically generated test case is not easy to be matched with the interface parameters provided by the WebAssembly program, so that the test case is invalid; in the case of lacking syntactic structure information, detection of branch coverage is insufficient when test cases are generated, test cases have poor coverage on branches in code, and the like. These problems due to the lack of semantic analysis of files have caused inconvenience to the efficient vulnerability detection of automated testing. That is to say, since it is difficult for a developer to generate a test file, i.e., a source program, with high reliability and high coverage rate through a test tool, it is impossible to detect a corresponding deep vulnerability in a specific implementation of a WebAssembly operating environment. In the embodiment, the source programs select a C program set which is relatively popular in GitHub, and after the coverage rate processing, good input parameter type information and branch information are provided for a test file of a WebAssembly program, so that the problem that the parameter types are prone to errors is solved, and the branch coverage rate is effectively improved.
In step S100, the analyzing the effectiveness of the plurality of source programs to obtain a plurality of target programs includes the following steps: repeatedly executing static analysis on the source programs to obtain a plurality of first programs, executing and detecting the code coverage rate of the first programs, and generating a plurality of access parameters; wherein the entries are used to characterize test cases; a plurality of the ginseng entering assemblies form a ginseng entering assembly; when a plurality of first programs detected by code coverage rate meet a preset condition, stopping executing the step of performing static analysis on a plurality of source programs, and taking the plurality of first programs meeting the condition as a plurality of target programs, wherein each target program corresponds to one input parameter set; compiling and instrumentation the target program aiming at each target program, and running the compiled and instrumented target program based on reference running to obtain a first tracking file corresponding to each target program; wherein the reference runtime is one of the plurality of runtimes; the first tracking file is a file for recording the running sequence of the instrumentation program.
In this embodiment, the vulnerability detection effect of the WebAssembly operating environment is largely determined by the quality of the generated test case, and in order to generate a high-quality test case, a stable and reliable automated test technical guarantee is required. The existing automatic testing technology has a relatively mature realization in the level of high-level languages such as C language, and has relatively more tool support. Therefore, we moved the variant level up to the C language level from the relatively underlying WebAssembly program level. Performing static analysis on a plurality of the C programs: the invention applies an automated analysis parameter tool, i.e. a tool for automated analysis of the C program. A Clang compiler is used for analyzing Abstract Syntax Tree (AST) of function call of a source program, so that an entry and a syntax structure of a C language program can be effectively analyzed, a subsequently generated WebAssembly binary file can obey a strict format, and the syntax structure of the binary format of the WebAssembly is analyzed, so that the automatically generated source program can enable the function call to be matched with an original function statement. Such as: extracting a function signature so as to judge the received parameter types (such as integer int, floating point float/double) in the source program function, and then randomly constructing parameters according to the parameter types to be embedded into a function body, which is equivalent to a calling function, so as to obtain the function after preprocessing. Aiming at different operation forms of the browser and the local virtual machine, the invention adds a main function inlet to a processed program, for example, an int main () main function is used for calling the processed function, a WebAssembly receiving file of the browser without the main function inlet and a WebAssembly receiving file of the local virtual machine with the main function inlet are used, and then the webassembiy compiler is used for compiling respectively (the WebAssembly compiler is used by both the browser and the local virtual machine, the WebAssembly program used by the browser does not have the main function inlet, and the WebAssembly program used by the local virtual machine has the main function inlet), as shown in FIG. 2. For a browser, the method generates corresponding HTML and JS glue files (so as to realize the interaction of a WebAssembly program and an upper language), and calls a corresponding command (http-server command to start a server) to enable a local server to automatically run related programs (start the server, then call a selenium to start a WebDriver, and then access the corresponding JS glue files). One example of a glue file is:
Figure BDA0003653649580000121
obtaining a plurality of first programs after static analysis, and then detecting the code coverage rate of the first programs by a code coverage rate detection tool; the code coverage detection tool is modified from an existing code coverage detection tool (gcov) of C language (gcov is automatically called by a script and a coverage result is analyzed to determine whether to keep the program entry), and in practice, the code coverage detection tool may be designed by means of another tool besides gcov and opencppcoverlap, and is not particularly limited. In this process, a large number of program entries are generated in an attempt to obtain as many program entries as possible that can produce high code coverage. The code coverage rate is a measurement mode of the code coverage degree, and is used for describing the tested proportion and degree of the source code in the program, and the probability of executing each branch of the code can be improved by detecting the code coverage rate, for example: executing a branch statement when the condition a-1 (e.g., s-s + 1); executing another branch statement when the condition a is 2 (e.g., s is 3 × 6); if the condition of entering the parameter is changed to a > -1, then when the condition simultaneously satisfies a-1 and a-2, two branch statements (s-s +1) and (s-3 x 6) are executed simultaneously, and then the code coverage rate is increased, which is beneficial to the accuracy of detecting the vulnerability subsequently. The method comprises the steps of repeatedly executing static analysis on a plurality of source programs under the condition that a preset condition is not met to obtain a plurality of first programs, executing and detecting code coverage rate of the plurality of first programs, and generating a plurality of entries, stopping iteration when the execution times of the plurality of first programs detected by the code coverage rate meet the preset condition (when the preset iteration times are 10000 times), wherein at the moment, the coverage rate of the plurality of first programs can be 50% or 80%, the first programs are used as target programs, and meanwhile, each target program corresponds to one entry set. In this embodiment, the target program is a C language program, and for each C language program, the C language program is compiled to obtain a WebAssembly program, and then the WebAssembly program is instrumented and then run on a reference runtime (such as wasmer) to obtain a first trace file. The trace file is a file for recording the running sequence of the instrumented program, and since we have instrumented after each instruction of the compiled WebAssembly program, when the program is run on the wasmer, we can easily obtain the running sequence of the instruction, and we store the sequence in the trace file. The instrumentation is a method for inserting some probes (also called as "detectors") into a program on the basis of ensuring the original logic integrity of the tested program, wherein the probes are essentially code segments for information acquisition and can be assignment statements or function calls for acquiring coverage information, characteristic data of program operation are thrown out through the execution of the probes, and through the analysis of the data, control flow and data flow information of the program can be obtained, so that dynamic information such as logic coverage and the like can be obtained, and the test purpose is realized.
After the target program is obtained, the following steps as shown in fig. 1 can be executed: s200, performing variation processing on the target programs based on a preset algorithm to obtain a plurality of first program variants, performing effectiveness analysis on the first program variants to obtain a plurality of non-equivalent variants, and obtaining a test program set according to the non-equivalent variants and the target programs;
specifically, the preset algorithm may be a metterol bolis algorithm, or a probability distribution function other than geometric distribution may be adopted, and the runtime may be a browser runtime or a local virtual machine runtime. The method comprises the steps that mutation operators can be selected according to a preset algorithm to perform mutation processing on a target program to obtain a plurality of first program variants, and the target programs can also be output to the preset algorithm to obtain a plurality of first program variants; then, validity analysis can be performed on a plurality of first program variants, equivalent variants and non-equivalent variants can be obtained through analysis, the equivalent variants are not valid variants and are discarded, the non-equivalent variants are valid variants and are reserved, and then, a plurality of generated non-equivalent variants can be added to a plurality of target programs to obtain an expanded target program, namely a test program set.
In step S200, the performing a mutation process on the plurality of target programs based on a preset algorithm to obtain a plurality of first program variants includes: acquiring an initial time value; randomly acquiring a random number in a preset range; randomly selecting a first mutation operator in a preset mutation operator set based on priority, and acquiring an index value of the first mutation operator; randomly selecting a first target program from a plurality of target programs; randomly selecting a second mutation operator in a preset mutation operator set based on priority, and acquiring an index value of the second mutation operator; obtaining a receiving probability value according to the index value of the first mutation operator, the index value of the second mutation operator and the first target program based on a preset Metterol Boris-Heisothian algorithm formula; wherein the reception probability value is used to characterize a probability of a reception function; for each target program, when the receiving probability value is greater than or equal to the random number, performing mutation on each target program by using the second mutation operator to obtain a plurality of first program variants corresponding to each target program; wherein the access parameter set of a number of said first program variants is the same as the access parameter set of each said target program.
Specifically, the preset maximum time threshold may be 60 seconds, the countdown is performed for 60 seconds in the execution process of the metterol bolis-blackstein algorithm, that is, an initial time value is obtained, subsequently, an intermediate time value is obtained in the execution process of the metterol bolis-blackstein algorithm, and when a time difference between the intermediate time value and the initial time value is smaller than the maximum time threshold, the system always executes the metterol bolis-blackstein algorithm. Mutation operators in this embodiment, Offutt and King adopted 22 mutation operators defined for Fortran77 for the first time in 1987 based on the existing research work, and the short names and descriptions of these mutation operators are shown in table 1: mutation operators other than 22 may be used, and are not limited herein.
TABLE 1
Figure BDA0003653649580000141
Figure BDA0003653649580000151
In this embodiment, the random number in the preset range is a random number in which [0,1] is uniformly distributed; the method adopts a Metropolis-Hastings algorithm to guide the selection of a single mutation operator, is a Markov chain Monte Carlo algorithm for extracting a random sample sequence from a certain probability distribution when direct sampling is difficult, and has the basic idea that the distribution of a next sample only depends on a current sample value (namely Markov chain characteristics), randomly generates a state from a certain distribution easy to sample and then calculates the probability of acceptance, and performs state conversion if the calculated probability value of acceptance is larger than a random number of uniform distribution [0,1 ].
After counting down the maximum time threshold, when the time difference between the intermediate time value and the initial time value is smaller than the maximum time threshold, randomly selecting a first mutation operator in a preset mutation operator set based on priority, acquiring an index value of the first mutation operator as K1, and then randomly selecting a first target program from a plurality of target programs; then randomly selecting a second mutation operator in a preset mutation operator set based on the priority; the index value obtained for the second mutation operator is K2. The formula of the Metterol Boris-Black Stine algorithm preset by the Metterol Polis-Black Stine algorithm is (1-p) |K2-K1| P is a second variationThe probability of the operator when the operator mutates on the first target program, K2 is the index value of the second mutation operator, and K1 is the index value of the first mutation operator, so that the receiving probability value can be obtained through a Metterol Boris-Black Stine algorithm formula preset by the Metterol Boris-Black Stine algorithm. And for each target program, when the receiving probability value is greater than or equal to the random number, carrying out mutation on the target programs by adopting the second mutation operator to obtain a plurality of first program variants. And when the receiving probability value is smaller than the random number, continuing to perform the step of randomly selecting a second mutation operator in a preset mutation operator set based on the priority and acquiring the index value of the second mutation operator. For example: the invention adds the metterol bolis-black-stigmas algorithm to a common fuzzy test because the mutation operators of the invention are randomly distributed, and therefore Q (x '| x) ═ Q (x | x') (Q (x | x ') refers to the probability of occurrence of an event x under the condition that another event x' has occurred) is symmetric, which is a special case of the metterol bolis-black-stigmas algorithm, called the metterol bolis algorithm. And the vulnerability is easier to trigger by sequencing the variation success rate (namely, inconsistency between the operation times is found) obtained through calculation. In the above algorithm, because of the symmetry of the previous segment, the acceptance distribution function is reduced to
Figure BDA0003653649580000161
(A (x '| x) means the probability that x' is accepted by the present invention in the case where the event x occurs, P (x) means the probability that the event x occurs, and min means taking the next smaller value). The invention adopts geometric distribution as probability distribution to guide the selection of mutation operators. The geometric distribution is the number of tests X required to obtain a success in a bernoulli test. The formula is as follows: pr (X ═ k) ═ 1-p) k-1 p, where Pr (X ═ 1) ═ p (Pr (X ═ k) refers to the probability of occurrence of event X ═ k, and p is the probability of event X ═ 1). As shown in FIG. 3, a series of seed files (programs to be mutated), i.e. the first target program, and a series of common mutation operators (with the same priority, i.e. with initial priorities of 1) are loaded. Since the present invention is unaware of this sourceWhether a piece (the first object program) can generate a valid variant file (program variant) through a limited number of variations or not, in order to avoid that the loop takes too much time, the invention sets a maximum time length (60 seconds) and starts a countdown. Then, files and one mutation operator are randomly selected, and after the files and one mutation operator are selected, another mutation operator is continuously selected. Until the priority of the two mutation operators is larger than or equal to a random number in an interval of 0 to 1 through a Metterol Borris algorithm formula, performing mutation on each target program by using the second mutation operator to obtain a plurality of first program variants.
In step S200, the analyzing the validity of the first program variants to obtain non-equivalent variants, and obtaining a test program set according to the non-equivalent variants and the target programs includes the following steps: storing a plurality of target programs into the test program set; compiling and instrumentation the first program variant to obtain a second program variant corresponding to each first program variant, running the second program variant based on reference running to obtain a second trace file corresponding to each first program variant, taking the first program variant corresponding to the second trace file as a non-equivalent variant when the second trace file is different from the first trace file, adding the non-equivalent variant to a test program set, increasing the index value of the second mutation operator by 1, and sequencing the mutation operators in the mutation operator set from high to low according to the priority, wherein the entry argument of the second program variant is the same as the entry argument of each first program variant; obtaining an intermediate time value, and subtracting the initial time value from the intermediate time value to obtain a time difference; when the time difference is smaller than a preset maximum time threshold, repeatedly executing the step of randomly selecting a first target program from a plurality of target programs; and outputting a test program set when the time difference is equal to the maximum time threshold.
Specifically, since a plurality of the target programs are also part of a subsequent program test, each target program includes a trace file and an entry parameter set corresponding thereto, the target programs and the trace file and the entry parameter set corresponding thereto are all stored in the test program set, and for each first program variant, since there is a possibility that a non-equivalent variant exists, the validity of the first program variant needs to be analyzed, and the analysis method is as follows: compiling the first program variant of the C language to obtain a second program variant (WebAssembly program), then performing instrumentation on the second program variant, and running the second program variant on a reference run time (wasmer) to obtain a second trace file corresponding to each first program variant, wherein at this time, the second trace file is compared with the first trace files of all the test programs in the test program set, and when the second trace file is different from the first trace files of all the test programs in the test program set, the generated program variant is a non-equivalent variant, as shown in FIG. 4, a new trace file may not be generated (that is, the second trace file is the same as the first trace files), and at this time, the generated program variant is an equivalent variant, and the equivalent variant is an invalid program variant. And adding the non-equivalent variant, the corresponding trace file and the reference set to a test program set, and increasing the priority of the second mutation operator by 1, wherein the smaller the index value of the mutation operator is, the higher the priority is. At the moment, if a second mutation operator is selected for the first time, after the non-equivalent variant, the corresponding tracking file and the reference set are added to the test program set, the index value of the second mutation operator becomes 1; if the second mutation operator is not selected for the first time, assigning the index value of the second mutation operator to the index value of the first mutation operator, subtracting 1 from the index value of the second mutation operator, and sorting the mutation operators in the mutation operator set from high to low according to the priority; in the process, except that the mutation operator corresponding to the priority in the last sequence is not copied, the mutation operator corresponding to the priority in the second last sequence is copied twice, and the mutation operator corresponding to the priority in the third last sequence is copied three times; thus, the mutation operator with higher priority has a higher probability of being selected in the next round of selection. Obtaining an intermediate time value, and subtracting the initial time value from the intermediate time value to obtain a time difference; when the time difference is smaller than a preset maximum time threshold (such as 60 seconds), repeatedly executing the step of randomly selecting a first target program from a plurality of target programs; when the time difference is equal to the maximum time threshold (e.g., 60 seconds), at which time the time is exhausted, a test suite is output. For example, the number of the target programs is 100, and after 9900 effective first program variants are newly added through variation, the number of the test program sets reaches 10000.
After the test program set is obtained, the following steps as shown in fig. 1 can be performed: s300, obtaining a plurality of operation results corresponding to the test program set according to the test program set and a plurality of preset operation times, analyzing the operation results, and determining a plurality of bugs in the operation times; wherein the runtime is used to characterize the carrier of the program runtime.
In this embodiment, the WebAssembly source program in the compiled test program set is run in a plurality of runtime environments with different implementations to obtain a plurality of running results, and the running results are analyzed to determine a runtime vulnerability, so that efficient behavior comparison and vulnerability detection during running are achieved under the condition of avoiding interference of other factors (such as vulnerabilities in implementation of a high-level language compiler). Therefore, the problem that the operation of the WebAssembly program has a sandbox isolation mechanism, special processing can be performed on a memory, and a compiler of the original high-level language is difficult to deduce a completely correct test prediction is solved; and the problems that specific implementation details are difficult to obtain when the WebAssembly runs and difficulty in designing a test file capable of directly triggering a vulnerability is high are solved.
In step S300, the plurality of runtimes includes a first runtime, a second runtime, and a third runtime; the step of obtaining a plurality of operation results corresponding to the test program set according to the test program set and a plurality of preset operation results comprises the following steps: inputting the test program set to a first runtime for running, and outputting a first running result through the first runtime; compiling the test programs in the test program set; inputting the compiled test program set into a second operation to operate, and obtaining a second operation result; and inputting the compiled test program set to a third operation for operation to obtain a third operation result.
Specifically, the invention creatively provides a new testing method, which uses a large number of C programs, uses a code coverage rate detection tool to run each branch of the program as far as possible, and designs an algorithm to perform program mutation so as to test the reliability and the vulnerability during the operation of Webassembly. Inputting the test program set into a first runtime, and outputting a first operation result through the first runtime; one example of the first operational result is as follows:
int add(int a,int b){
return a+b;
}
the first program variant is a C program variant, for example, for a mutated source program, a C language compiler (GCC compiler or a compiler in the prior art) is used to obtain an executable file P _ C, and after running, an output O _ C is obtained, and then for each of the first program variants (program variants in C language), a test program in C language in the test program set is compiled into a WebAssembly program variant, such as: obtaining P _ w by using a WebAssembly compiler, inputting the compiled test program set to a second runtime (for example, a local virtual machine implementation, such as WAVM, wasm3, and wasmer) to run, and obtaining a second running result, for example, obtaining O _ w (vmi) by running on vmi for input of the same test file, where an embodiment of the second running result is as follows:
emcc add.c main.c-s STANDALONE_WASM=1-o main.out.wasm wasmer main.out.wasm
similarly, inputting the compiled test program set into a third operation (realized by a browser, such as a WebAssembly operation environment built in a mainstream browser like Chrome, Firefox and the like) to operate, so as to obtain a third operation result; if the input of the same test file is executed on the browser bi to obtain O _ w (bi), an example of the third execution result is as follows:
emcc add.c main.c-s STANDALONE_WASM=1-o main.html python-m http.server
in step S300, the analyzing the plurality of operation results and determining the plurality of vulnerabilities at operation includes the following steps: when the second operation result is different from the first operation result, determining that a bug exists in the second operation, and outputting the bug; when the third operation result is different from the first operation result, determining that a vulnerability exists in the third operation, and outputting the vulnerability; and when the second operation result is different from the third operation result, acquiring a vulnerability identification result of a preset person, and when the vulnerability identification result indicates that a vulnerability exists, outputting the vulnerability.
Specifically, as shown in table 2, when the second operation result is different from the first operation result, for example, the operation of the divide-by-zero arithmetic is an illegal operation in the C language, so that the program stops operating, but the arithmetic result of the implementation (e.g., WAVM, etc.) in some WebAssembly runtimes is 0, and the program stop is not triggered, at this time, it is indicated that a BUG exists in the second runtimes (e.g., WAVM, etc.), and the BUG (the calculation of the divide-by-zero operation has a BUG) is reported to the corresponding development community. Similarly, when the third running result is different from the first running result, if the arithmetic operation of the zero-removing operation is illegal operation in the C language, the program stops running, but the arithmetic result is 0 in the implementation of the browser (such as Chrome), the program stop is not triggered, and at this time, it indicates that a BUG exists in the third running (such as Chrome), and the BUG (the BUG exists in the calculation of the zero-removing operation) is reported to the corresponding development community; when the second operation result is different from the third operation result, a preset person can perform identification according to the second operation result and the third operation result to obtain a vulnerability identification result, and the system obtains the vulnerability identification result; when the vulnerability identification result is that a vulnerability exists, that is, the system acquires the vulnerability identification result input by the preset personnel (for example, a vulnerability exists in a third operation (for example, Chrome) or a vulnerability exists in a second operation (for example, WAVM and the like)), the vulnerability can be reported to a corresponding development community. The vulnerability detection method can effectively solve the defects of the implementation scheme of the prior art and solve the problems of low coverage rate of the generated test cases, easy failure of validity detection and the like.
TABLE 2
Figure BDA0003653649580000211
Exemplary device
As shown in fig. 5, an embodiment of the present invention provides a runtime vulnerability detection system based on fuzzy testing, which includes a target program obtaining module 401, a plurality of runtime result obtaining modules 402, and a vulnerability determining module 403, where:
the target program obtaining module 401 is configured to obtain a plurality of source programs, and perform validity analysis processing on the plurality of source programs to obtain a plurality of target programs;
a program variation module 402, configured to perform variation processing on the target programs based on a preset algorithm to obtain a plurality of first program variants, perform validity analysis on the first program variants to obtain a plurality of non-equivalent variants, and obtain a test program set according to the non-equivalent variants and the target programs;
a vulnerability determining module 403, configured to obtain a plurality of operation results corresponding to the test program set according to the test program set and a plurality of preset operation times, analyze the plurality of operation results, and determine a plurality of vulnerabilities during the operation times; wherein the runtime is used to characterize the carrier of the program runtime.
Based on the above embodiment, the present invention further provides an intelligent terminal, and a schematic block diagram thereof may be as shown in fig. 6. The intelligent terminal comprises a processor, a memory, a network interface, a display screen and a temperature sensor which are connected through a system bus. Wherein, the processor of the intelligent terminal is used for providing calculation and control capability. The memory of the intelligent terminal comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the intelligent terminal is used for being connected and communicated with an external terminal through a network. The computer program is executed by a processor to implement a runtime vulnerability detection method based on fuzz testing. The display screen of the intelligent terminal can be a liquid crystal display screen or an electronic ink display screen, and the temperature sensor of the intelligent terminal is arranged inside the intelligent terminal in advance and used for detecting the operating temperature of internal equipment.
Those skilled in the art will appreciate that the schematic diagram of fig. 6 is merely a block diagram of a part of the structure related to the solution of the present invention, and does not constitute a limitation of the intelligent terminal to which the solution of the present invention is applied, and a specific intelligent terminal may include more or less components than those shown in the figure, or combine some components, or have different arrangements of components.
In one embodiment, an intelligent terminal is provided that includes a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs including instructions for:
acquiring a plurality of source programs, and carrying out effectiveness analysis processing on the source programs to obtain a plurality of target programs;
performing variation processing on the target programs based on a preset algorithm to obtain a plurality of first program variants, performing effectiveness analysis on the first program variants to obtain a plurality of non-equivalent variants, and obtaining a test program set according to the non-equivalent variants and the target programs;
obtaining a plurality of operation results corresponding to the test program set according to the test program set and a plurality of preset operation times, analyzing the operation results and determining a plurality of bugs in the operation times; wherein the runtime is used to characterize the carrier of the program runtime.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, databases, or other media used in embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), synchronous Link (Synchlink) DRAM (SLDRAM), Rambus (Rambus) direct RAM (RDRAM), direct bused dynamic RAM (DRDRAM), and bused dynamic RAM (RDRAM).
In summary, the present invention discloses a runtime vulnerability detection method and system based on fuzzy test, the method includes: acquiring a plurality of source programs, and carrying out effectiveness analysis processing on the source programs to obtain a plurality of target programs; performing variation processing on a plurality of source programs subjected to effectiveness analysis processing based on a preset algorithm to obtain a plurality of first program variants, performing effectiveness analysis on the plurality of first program variants to obtain a plurality of non-equivalent variants, and further obtaining a test program set comprising the source programs; and obtaining a plurality of operation results corresponding to the test program set according to the test program set and a plurality of preset operation times, and further determining a plurality of bugs in the operation times according to the plurality of operation results. According to the embodiment of the invention, the obtained target program coverage rate is higher by analyzing and processing the effectiveness of the source program in the WebAssembly running environment, a plurality of running results are obtained by inputting the mutated program to different running processes, and the vulnerability is determined by analyzing the plurality of running results, so that the detection stability and accuracy of the vulnerability are improved.
Based on the above embodiments, the present invention discloses a runtime vulnerability detection method based on fuzzy test, it should be understood that the application of the present invention is not limited to the above examples, and it is obvious to those skilled in the art that modifications and changes can be made according to the above description, and all such modifications and changes shall fall within the protection scope of the appended claims.

Claims (10)

1. A runtime vulnerability detection method based on fuzzy test is characterized in that the method comprises the following steps:
acquiring a plurality of source programs, and carrying out effectiveness analysis processing on the source programs to obtain a plurality of target programs;
performing variation processing on the target programs based on a preset algorithm to obtain a plurality of first program variants, performing effectiveness analysis on the first program variants to obtain a plurality of non-equivalent variants, and obtaining a test program set according to the non-equivalent variants and the target programs;
obtaining a plurality of operation results corresponding to the test program set according to the test program set and a plurality of preset operation times, analyzing the operation results and determining a plurality of bugs in the operation times; wherein the runtime is used to characterize the carrier of the program runtime.
2. The runtime vulnerability detection method based on fuzzy testing of claim 1, wherein the performing validity analysis processing on the plurality of source programs to obtain a plurality of target programs comprises:
repeatedly executing static analysis on the source programs to obtain a plurality of first programs, executing and detecting the code coverage rate of the first programs, and generating a plurality of access parameters; wherein the entries are used to characterize test cases; a plurality of the ginseng entering assemblies form a ginseng entering assembly;
when the first programs detected by the code coverage rate meet a preset condition, stopping executing the step of performing static analysis on the source programs, and taking the first programs meeting the condition as target programs, wherein each target program corresponds to one input parameter set;
compiling and instrumentation the target program aiming at each target program, and running the compiled and instrumented target program based on reference running to obtain a first tracking file corresponding to each target program; wherein the reference runtime is one of the plurality of runtimes; the first tracking file is a file for recording the running sequence of the instrumentation program.
3. The runtime vulnerability detection method based on fuzzy test of claim 1, wherein the performing a mutation process on the plurality of target programs based on a preset algorithm to obtain a plurality of first program variants comprises:
acquiring an initial time value;
randomly acquiring a random number in a preset range;
randomly selecting a first mutation operator in a preset mutation operator set based on priority, and acquiring an index value of the first mutation operator;
randomly selecting a first target program from a plurality of target programs;
randomly selecting a second mutation operator in a preset mutation operator set based on priority, and acquiring an index value of the second mutation operator;
obtaining a receiving probability value according to the index value of the first mutation operator, the index value of the second mutation operator and the first target program based on a preset Metterol Boris-Heisothian algorithm formula; wherein the reception probability value is used to characterize a probability of a reception function;
for each target program, when the receiving probability value is greater than or equal to the random number, performing mutation on each target program by using the second mutation operator to obtain a plurality of first program variants corresponding to each target program; wherein the access parameter set of a number of said first program variants is the same as the access parameter set of each said target program.
4. The runtime vulnerability detection method based on the fuzzy test of claim 3, wherein after obtaining the receiving probability value according to the index value of the first mutation operator, the index value of the second mutation operator and the first target program based on the preset Metterol Polish-Black-Steiny algorithm formula, further comprises:
and when the receiving probability value is smaller than the random number, continuing to perform the steps of randomly selecting a second mutation operator in a preset mutation operator set based on the priority and acquiring an index value of the second mutation operator.
5. The runtime vulnerability detection method based on fuzzy testing of claim 4, wherein the performing validity analysis on the plurality of first program variants to obtain a plurality of non-equivalent variants, and obtaining a test program set according to the plurality of non-equivalent variants and the plurality of target programs comprises:
storing a plurality of target programs into the test program set;
compiling and instrumentation the first program variant to obtain a second program variant corresponding to each first program variant, running the second program variant based on reference running to obtain a second trace file corresponding to each first program variant, taking the first program variant corresponding to the second trace file as a non-equivalent variant when the second trace file is different from the first trace file, adding the non-equivalent variant to a test program set, increasing the index value of the second mutation operator by 1, and sequencing the mutation operators in the mutation operator set from high to low according to the priority, wherein the entry argument of the second program variant is the same as the entry argument of each first program variant;
obtaining an intermediate time value, and subtracting the initial time value from the intermediate time value to obtain a time difference;
when the time difference is smaller than a preset maximum time threshold, repeatedly executing the step of randomly selecting a first target program from a plurality of target programs;
and outputting a test program set when the time difference is equal to the maximum time threshold.
6. The fuzz testing based runtime vulnerability detection method of claim 4, wherein a number of the runtimes comprise a first runtime, a second runtime, and a third runtime; the obtaining a plurality of operation results corresponding to the test program set according to the test program set and a plurality of preset operations includes:
inputting the test program set to a first runtime for running, and outputting a first running result through the first runtime;
compiling the test programs in the test program set;
inputting the compiled test program set into a second operation to operate, and obtaining a second operation result;
and inputting the compiled test program set to a third operation for operation to obtain a third operation result.
7. The runtime vulnerability detection method based on fuzzy testing of claim 6, wherein the analyzing the plurality of the runtime results and determining the plurality of runtime vulnerabilities comprises:
when the second operation result is different from the first operation result, determining that a bug exists in the second operation, and outputting the bug;
when the third operation result is different from the first operation result, determining that a vulnerability exists in the third operation, and outputting the vulnerability;
and when the second operation result is different from the third operation result, acquiring a vulnerability identification result of a preset person, and when the vulnerability identification result indicates that a vulnerability exists, outputting the vulnerability.
8. A runtime vulnerability detection system based on fuzz testing, the system comprising:
the target program acquisition module is used for acquiring a plurality of source programs and analyzing and processing the effectiveness of the source programs to obtain a plurality of target programs;
the program variation module is used for performing variation processing on the target programs based on a preset algorithm to obtain a plurality of first program variants, performing effectiveness analysis on the first program variants to obtain a plurality of non-equivalent variants, and obtaining a test program set according to the non-equivalent variants and the target programs;
the vulnerability determining module is used for obtaining a plurality of operation results corresponding to the test program set according to the test program set and a plurality of preset operation times, analyzing the operation results and determining a plurality of vulnerability during the operation; wherein the runtime is used to characterize the carrier of the program runtime.
9. An intelligent terminal comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory, and wherein the one or more programs being configured to be executed by the one or more processors comprises instructions for performing the method of any of claims 1-7.
10. A non-transitory computer readable storage medium, wherein instructions in the storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the method of any of claims 1-7.
CN202210548927.3A 2022-05-20 2022-05-20 Runtime vulnerability detection method and system based on fuzzy test Pending CN115080978A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210548927.3A CN115080978A (en) 2022-05-20 2022-05-20 Runtime vulnerability detection method and system based on fuzzy test

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210548927.3A CN115080978A (en) 2022-05-20 2022-05-20 Runtime vulnerability detection method and system based on fuzzy test

Publications (1)

Publication Number Publication Date
CN115080978A true CN115080978A (en) 2022-09-20

Family

ID=83250001

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210548927.3A Pending CN115080978A (en) 2022-05-20 2022-05-20 Runtime vulnerability detection method and system based on fuzzy test

Country Status (1)

Country Link
CN (1) CN115080978A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115905021A (en) * 2022-12-30 2023-04-04 长春吉大正元信息技术股份有限公司 Fuzzy test method and device, electronic equipment and storage medium

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0822619D0 (en) * 2008-12-11 2009-01-21 Scansafe Ltd Malware detection
US20130345066A1 (en) * 2012-05-09 2013-12-26 Life Technologies Corporation Systems and methods for identifying sequence variation
WO2016094840A2 (en) * 2014-12-11 2016-06-16 Ghosh Sudeep System, method & computer readable medium for software protection via composable process-level virtual machines
CN108647145A (en) * 2018-05-10 2018-10-12 清华大学 software memory safety detection method and system
CN109032927A (en) * 2018-06-26 2018-12-18 腾讯科技(深圳)有限公司 A kind of bug excavation method and device
US20200151305A1 (en) * 2018-11-09 2020-05-14 Nanyang Technological University Computer program code obfuscation methods and systems
CN112884475A (en) * 2021-01-22 2021-06-01 支付宝(杭州)信息技术有限公司 Test method and system of intelligent contract resource loss monitoring system
CN112905447A (en) * 2021-01-22 2021-06-04 支付宝(杭州)信息技术有限公司 Test method and system for block chain virtual machine
CN113221126A (en) * 2021-05-31 2021-08-06 北京中科天齐信息技术有限公司 TensorFlow program vulnerability detection method and device and electronic equipment

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0822619D0 (en) * 2008-12-11 2009-01-21 Scansafe Ltd Malware detection
US20130345066A1 (en) * 2012-05-09 2013-12-26 Life Technologies Corporation Systems and methods for identifying sequence variation
WO2016094840A2 (en) * 2014-12-11 2016-06-16 Ghosh Sudeep System, method & computer readable medium for software protection via composable process-level virtual machines
CN108647145A (en) * 2018-05-10 2018-10-12 清华大学 software memory safety detection method and system
CN109032927A (en) * 2018-06-26 2018-12-18 腾讯科技(深圳)有限公司 A kind of bug excavation method and device
US20200151305A1 (en) * 2018-11-09 2020-05-14 Nanyang Technological University Computer program code obfuscation methods and systems
CN112884475A (en) * 2021-01-22 2021-06-01 支付宝(杭州)信息技术有限公司 Test method and system of intelligent contract resource loss monitoring system
CN112905447A (en) * 2021-01-22 2021-06-04 支付宝(杭州)信息技术有限公司 Test method and system for block chain virtual machine
CN113221126A (en) * 2021-05-31 2021-08-06 北京中科天齐信息技术有限公司 TensorFlow program vulnerability detection method and device and electronic equipment

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
张亚丰;洪征;吴礼发;周振吉;孙贺;: "基于状态的工控协议Fuzzing测试技术", 计算机科学, no. 05, 15 May 2017 (2017-05-15) *
张开便;董振华;李喜艳;: "基于模糊测试的网络协议漏洞挖掘研究", 现代电子技术, no. 13, 1 July 2016 (2016-07-01) *
袁子牧;肖扬;吴炜;霍玮;邹维;: "知识、探索与状态平面组织的软件漏洞分析架构研究", 信息安全学报, no. 06, 15 November 2019 (2019-11-15) *
邹燕燕;邹维;尹嘉伟;霍玮;杨梅芳;孙丹丹;史记;: "变异策略感知的并行模糊测试研究", 信息安全学报, no. 05, 15 September 2020 (2020-09-15) *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115905021A (en) * 2022-12-30 2023-04-04 长春吉大正元信息技术股份有限公司 Fuzzy test method and device, electronic equipment and storage medium
CN115905021B (en) * 2022-12-30 2023-11-28 长春吉大正元信息技术股份有限公司 Fuzzy test method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
Just et al. Are mutants a valid substitute for real faults in software testing?
CN111859388B (en) Multi-level mixed vulnerability automatic mining method
Chen et al. Star: Stack trace based automatic crash reproduction via symbolic execution
EP2791803B1 (en) Medium and method for systematic error injection in generated code
CN101286132B (en) Test method and system based on software defect mode
US5651111A (en) Method and apparatus for producing a software test system using complementary code to resolve external dependencies
CN105787367B (en) A kind of the patch safety detecting method and system of software upgrading
Jiang et al. Fuzzing Error Handling Code using {Context-Sensitive} Software Fault Injection
Marinescu et al. Covrig: A framework for the analysis of code, test, and coverage evolution in real software
Groß et al. FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities.
Tomassi et al. On the real-world effectiveness of static bug detectors at finding null pointer exceptions
Hashimoto et al. Detecting arithmetic optimization opportunities for C compilers by randomly generated equivalent programs
CN113836023B (en) Compiler security testing method based on architecture cross check
Chakraborty et al. Automatic root cause quantification for missing edges in JavaScript call graphs
CN115080978A (en) Runtime vulnerability detection method and system based on fuzzy test
Yang et al. Automatic self-validation for code coverage profilers
Zhao et al. H-fuzzing: A new heuristic method for fuzzing data generation
Bradley et al. High performance static analysis for industry
Liang et al. Improving the precision of static analysis: Symbolic execution based on GCC abstract syntax tree
Gerlich et al. Random testing: From the classical approach to a global view and full test automation
Li et al. Ares: Inferring error specifications through static analysis
Hirzel Selective regression testing for web applications created with Google Web Toolkit
Nakagawa et al. How compact will my system be? A fully-automated way to calculate Loc reduced by clone refactoring
Hwang et al. An Empirical Study of JVMs’ Behaviors on Erroneous JNI Interoperations
Yousaf et al. Efficient Identification of Race Condition Vulnerability in C code by Abstract Interpretation and Value Analysis

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination