Black-box testing based on colorful taint analysis
Software vulnerability detection is one of the most important methods for guaranteeing software security. Two main classes of methods can detect vulnerabilities in binary files: white-box testing and black-box testing. The former needs to construct and solve path constraints to detect vulnerabilitie...
Published in: | Science China. Information sciences 2012, Vol.55 (1), p.171-183 |
---|---|
Main authors: | Chen, Kai ; Feng, DengGuo ; Su, PuRui ; Zhang, YingJun |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | 183 |
---|---|
container_issue | 1 |
container_start_page | 171 |
container_title | Science China. Information sciences |
container_volume | 55 |
creator | Chen, Kai ; Feng, DengGuo ; Su, PuRui ; Zhang, YingJun |
description | Software vulnerability detection is one of the most important methods for guaranteeing software security. Two main classes of methods can detect vulnerabilities in binary files: white-box testing and black-box testing. The former needs to construct and solve path constraints to detect vulnerabilities. It has two main drawbacks: path exploding and complexity of constraints. The latter often aimlessly exhausts various inputs to test binary files. This paper combines both testing methods to detect vulnerabilities in binary files. By analyzing the input elements that affect check condition corresponding to a certain check point, we can generate one class of inputs that get to the check point to increase fuzzing efficiency. By analyzing the relationship between guard conditions and check condition, the redundant check points are removed. Colorful taint analysis method (CTAM) is proposed to compute guard conditions, which is more efficient than traditional taint analysis method (TTAM). We implemented a prototype and made several experiments on it. The results showed that our method could increase the efficiency of black-box testing. |
doi_str_mv | 10.1007/s11432-011-4291-y |
format | Article |
fulltext | fulltext |
identifier | ISSN: 1674-733X |
ispartof | Science China. Information sciences, 2012, Vol.55 (1), p.171-183 |
issn | 1674-733X ; 1869-1919 |
language | eng |
recordid | cdi_proquest_miscellaneous_1221863290 |
source | SpringerNature Journals; ProQuest Central UK/Ireland; Alma/SFX Local Collection; ProQuest Central |
subjects | Black boxes ; China ; Computer information security ; Computer programs ; Computer Science ; Explosions ; Guards ; Information Systems and Communication Service ; Redundant ; Research Paper ; Software ; Software reliability ; Software testing ; Taint ; Binary files ; Colorful ; Check points ; Taint ; Vulnerability detection ; Path constraints ; Software security ; Black-box testing |
title | Black-box testing based on colorful taint analysis |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-27T19%3A26%3A00IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Black-box%20testing%20based%20on%20colorful%20taint%20analysis&rft.jtitle=Science%20China.%20Information%20sciences&rft.au=Chen,%20Kai&rft.date=2012&rft.volume=55&rft.issue=1&rft.spage=171&rft.epage=183&rft.pages=171-183&rft.issn=1674-733X&rft.eissn=1869-1919&rft_id=info:doi/10.1007/s11432-011-4291-y&rft_dat=%3Cproquest_cross%3E2918620927%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2918620927&rft_id=info:pmid/&rft_cqvip_id=40710491&rfr_iscdi=true |