中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 软件所图书馆  > 期刊论文
Subject: Computer Science
Title:
black-box testing based on colorful taint analysis
Author: Chen Kai ; Feng DengGuo ; Su PuRui ; Zhang YingJun
Keyword: software testing ; vulnerability detection ; dynamic testing ; black-box testing ; colorful taint analysis
Source: SCIENCE CHINA-INFORMATION SCIENCES
Issued Date: 2012
Volume: 55, Issue:1, Pages:171-183
Indexed Type: SCI
Department: Chen Kai; Feng DengGuo; Su PuRui; Zhang YingJun Chinese Acad Sci State Key Lab Informat Secur Inst Software Beijing 100190 Peoples R China. Chen Kai; Zhang YingJun Chinese Acad Sci State Key Lab Informat Secur Grad Univ Beijing 100049 Peoples R China. Chen Kai; Zhang YingJun Natl Engn Res Ctr Informat Secur Beijing 100190 Peoples R China.
Sponsorship: National Natural Science Foundation of China 60970028, 60703076, 61073179
Abstract: Software vulnerability detection is one of the most important methods for guaranteeing software security. Two main classes of methods can detect vulnerabilities in binary files: white-box testing and black-box testing. The former needs to construct and solve path constraints to detect vulnerabilities. It has two main drawbacks: path exploding and complexity of constraints. The latter often aimlessly exhausts various inputs to test binary files. This paper combines both testing methods to detect vulnerabilities in binary files. By analyzing the input elements that affect check condition corresponding to a certain check point, we can generate one class of inputs that get to the check point to increase fuzzing efficiency. By analyzing the relationship between guard conditions and check condition, the redundant check points are removed. Colorful taint analysis method (CTAM) is proposed to compute guard conditions, which is more efficient than traditional taint analysis method (TTAM). We implemented a prototype and made several experiments on it. The results showed that our method could increase the efficiency of black-box testing.
English Abstract: Software vulnerability detection is one of the most important methods for guaranteeing software security. Two main classes of methods can detect vulnerabilities in binary files: white-box testing and black-box testing. The former needs to construct and solve path constraints to detect vulnerabilities. It has two main drawbacks: path exploding and complexity of constraints. The latter often aimlessly exhausts various inputs to test binary files. This paper combines both testing methods to detect vulnerabilities in binary files. By analyzing the input elements that affect check condition corresponding to a certain check point, we can generate one class of inputs that get to the check point to increase fuzzing efficiency. By analyzing the relationship between guard conditions and check condition, the redundant check points are removed. Colorful taint analysis method (CTAM) is proposed to compute guard conditions, which is more efficient than traditional taint analysis method (TTAM). We implemented a prototype and made several experiments on it. The results showed that our method could increase the efficiency of black-box testing.
Language: 英语
WOS ID: WOS:000298651900020
Citation statistics:
Content Type: 期刊论文
URI: http://ir.iscas.ac.cn/handle/311060/15095
Appears in Collections:软件所图书馆_期刊论文

Files in This Item:

There are no files associated with this item.


Recommended Citation:
Chen Kai,Feng DengGuo,Su PuRui,et al. black-box testing based on colorful taint analysis[J]. SCIENCE CHINA-INFORMATION SCIENCES,2012-01-01,55(1):171-183.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[Chen Kai]'s Articles
[Feng DengGuo]'s Articles
[Su PuRui]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[Chen Kai]‘s Articles
[Feng DengGuo]‘s Articles
[Su PuRui]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2019  中国科学院软件研究所 - Feedback
Powered by CSpace