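Graduate student: 陳瑋雋
Graduate student (English name): Wei-Jun Chen
Thesis title (Chinese): 模糊測試方法排程效益分析與評估
Thesis title (English): On the Effectiveness of Scheduling Fuzz Testing
Advisor: 田筱榮
Advisor (English name): Hsiao-Rong Tyan
Degree: Master's
Institution: Chung Yuan Christian University (中原大學)
Department: Graduate Institute of Information Engineering
Discipline: Engineering
Field: Electrical and Computer Engineering
Thesis type: Academic thesis
Year of publication: 2015
Academic year of graduation: 103
Language: English
Number of pages: 32
Keywords (Chinese): computer security; fuzz testing; software security; scheduling strategy; software testing
Keywords (English): Computer Security; Fuzz Testing; Software Security; Scheduling Strategy; Software Testing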
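With the spread of computers and the rapid growth of computer software, incidents in which systems are intruded upon through software vulnerabilities have increased accordingly, and software security has become increasingly important. Developing computer software that has no defects, however, is practically impossible, so careful software testing is needed to find as many defects as possible and improve software quality. As the scale of software systems has grown substantially, manual software testing is not only time-consuming but also hard to carry out efficiently on highly complex systems, so automated software testing is the direction that must be developed. When the content of the source code is not considered, testing can take a black-box approach combined with fuzzed mutation of input values; only the executable is needed to test the target and to look for cases that cause the target to fail during execution. Many automated or semi-automated software testing tools and systems exist that make software testing easier, but how to produce the most unique defects within a limited time remains an open problem. Earlier research discussed the effect of different software test scheduling strategies by simulation on historical data. Software testing is a dynamic process, however, and whether actual testing matches the results obtained from analysis of static historical data still has to be confirmed. In this study we implement different scheduling strategies on the FOE (Failure Observation Engine) software testing system, explore the effect of the scheduling strategies through dynamic execution, and observe how applying different scheduling strategies affects testing efficiency.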
Due to the popularization of computers and the rapid development of computer software, computer intrusions that take advantage of software vulnerabilities are escalating. As a result, software security is becoming more and more important, and we need to test computer software as thoroughly as possible so that bugs can be discovered and the quality of computer software can be improved. With the size and complexity of computer software ever increasing, manual software testing is both time-consuming and too complicated to be conducted efficiently. The alternative is automatic software testing. Given the executable code, automatic black-box software testing based on input data fuzzing can be performed without reference to source code to induce a crash. When a crash is found, it can be analyzed to discover bugs. There are several automatic software testing tools and systems available. One important issue that needs to be studied is how to find as many unique bugs as possible within a reasonable amount of time. A study of test scheduling strategies has been performed based on simulation on recorded data. However, whether the findings still hold in a software testing system that adopts a dynamic set of input seed files needs to be re-examined. In this thesis, various scheduling strategies were implemented within the software testing system Failure Observation Engine (FOE). The effects of scheduling strategies on software testing efficiency were studied by performing testing experiments using the modified FOE.
Abstract (Chinese)
Abstract
Acknowledgements
Table of Contents
List of Figures
List of Tables
1. Introduction
1.1 Background
1.2 Motivation
1.3 Overview
2. Related Work
2.1 Fuzz Testing Background
2.2 Fuzz Testing Related Work
2.3 Comparison of Related Works
3. Methods
3.1 FuzzSim
3.1.1 Scheduling Algorithms
3.1.2 FuzzSim Results
3.2 System Architecture
3.2.1 System Extension
3.2.2 Modified Architecture
3.2.3 Experiment Plan
4. Experimental Results
4.1 Experiment Setup
4.2 Test Data Collection
4.3 Experimental Results and Data Analysis
5. Conclusions and Future Works
5.1 Conclusions
5.2 Future Works

References

List of Figures
Figure 1 The structure of a fuzzer
Figure 2 FOE crash recycling feature
Figure 3 Architecture of ZZUF
Figure 4 Comparison of Related Works
Figure 5 Scheduling Algorithm of FuzzSim
Figure 6 Architecture of FOE
Figure 7 Flowchart of modified FOE before fuzzing
Figure 8 Distribution of crashes on each target program

List of Tables
Table 1 Experimental Method
Table 2 Experimental Results