基于故障注入的白盒Fuzzing技术.pdfVIP

System Simulation Technology Application (Volume 14) A Whitebox Fuzzing Technique Based on Fault Injection 1 2 1 Jiwei ZHENG , Honghui LI , Meng ZHANG 1School of Computer and Information Technology, Beijing Jiaotong University, acronyms acceptable, Beijing, China, 100044 2Engineering Research Center of High-speed Railway Network Management, Ministry of Education, Beijing, China, 100044 Email: huiwei0704@ Abstract: Fuzzing testing is an effective technique for finding security vulnerabilities in programs. This paper presents a new automated Whitebox fuzzing technique. In the traditional random fuzzing techniques, we just randomly change the information of input file to generate the test cases and without much understanding of the basic syntactic structure of the input file. Compare with it, the fuzzing technique based on fault injection can dynamic trace the key variable or the library calls which affects the execution of the program to identify the vulnerabilities in the programs, and then we use it to inject the faults to generate the fuzzing inputs. Moreover, the test cases which generate by the fuzzing technique based on the fault injection will preserve the underlying syntactic structure of the original input files, therefore these tests cases can get through the initial input parsing components and exercise the program code deep within the core functions. Because the tech- nique is exploit the vulnerabilities about the input file format, the input syntactic structure will not change, it is especially suitable for testing programs that have complex and highly structured input file formats ( such as video, picture and text format, etc.). Keywords: Fuzzing Testing; Whitebox Testing; Fault Injection;