Computer and Modernization

• Software Engineering •

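A Path Automatic Generation Method for Dynamic Taint Analysis

  (1. College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China;
    2. Jiangnan Institute of Computing Technology, Wuxi 214083, China)
  • Received: 2016-10-21 Online: 2017-07-20 Published: 2017-07-20
  • About the authors: Dong Guoliang (born 1980), male, from Jinzhou, Hebei; engineer at the Jiangnan Institute of Computing Technology and master's student at the College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics; bachelor's degree; research interests: software testing and network security. Zang Lie (born 1964), female, master's degree, associate professor; research interests: network security and software reliability. Li Hang (born 1991), male, master's student; research interest: machine learning. Gan Lu (born 1991), female, master's student; research interest: software testing.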

Abstract: Building on a study of existing dynamic taint analysis platforms, this paper proposes an automatic path generation technique. Binary static analysis is used to obtain the instruction sequence of the target program, and execution coverage is computed at basic-block granularity. The execution trace of the target program is captured while it runs, new path constraints are constructed from the path constraints collected along that trace, and constraint solving then generates new test cases that cover other paths. Virtualization is used to run the dynamic taint analysis of the individual test cases in parallel, which considerably improves the path coverage and execution efficiency of the taint analysis.

Key words: dynamic taint analysis, path automatic generation, constraint solving, code coverage

CLC number: