CN116069672B - Seed variation method and test method for kernel directional fuzzy test of operating system - Google Patents
Abstract
The invention discloses a seed mutation method for directed fuzz testing of an operating system kernel, which comprises: obtaining data information of a target operating system; constructing a function call graph and a control flow graph; obtaining an interprocedural control flow graph; obtaining the distance metric of the kernel code relative to the target position; evaluating the existing seeds and obtaining seeds meeting the set conditions; performing quality scoring and energy allocation on the obtained seeds to obtain test case seeds with different energies; and adaptively mutating the test case seeds to complete the corresponding seed mutation. The invention also discloses a testing method that includes this seed mutation method. The method ensures that high-quality seeds are mutated and executed first, making seed mutation reliable, efficient and effective, and it reduces the resource cost of the subsequent test process, shortens the test time and improves test efficiency.
Description
Technical Field
The invention belongs to the technical field of computers, and particularly relates to a seed mutation method and a testing method for directed fuzz testing of an operating system kernel.
Background
With the development of the economy and technology and the improvement of living standards, computer operating systems are widely used in production and daily life and bring great convenience. Ensuring stable and reliable operation of the operating system has therefore become an important research focus.
The kernel is the core of an operating system. It is the first layer of software extension on top of the hardware and provides the most basic functions of the operating system, on which the rest of the operating system depends. Therefore, in maintaining the security of a computer, it is important to ensure the security of the operating system kernel.
Fuzz testing is currently a mainstream software testing method. It generates test cases automatically or semi-automatically, feeds them into a target system, and captures vulnerabilities by monitoring abnormal behavior of the system while the test cases run. Applying fuzz testing to kernel security has already achieved good results.
Fuzz testing of an operating system kernel takes a system call sequence as the seed, generates random parameters and sequences for the operating system to execute, and at the same time monitors the operating system through defect detection tools in the kernel in order to find abnormal states during operation.
In kernel fuzz testing, most current technical schemes perform vulnerability discovery guided by coverage. The basic flow is as follows:
First, the fuzzing tool generates valid seeds for system calls from manually coded rules and puts them into the seed pool as initial input. It then selects test case seeds according to the seed coverage information, mutates them, and puts the test cases generated by mutation into the kernel under test for execution. The data flow and control flow information produced by execution guides the selection of the mutation strategy. If a new position is covered during execution of a test case, the test case is stored in the seed pool for later use. If an abnormal state occurs in the program when the test case is executed, a kernel operation security violation report is received, and the test is ended; if no abnormal state occurs, the test case is invalid and should be discarded, and the test is ended.
In kernel fuzz testing, the fuzzing tool selects seeds on the basis of kernel code coverage. However, the amount of kernel code is huge, and for certain specific requirements (such as fuzz testing a designated position after a patch fix), coverage guidance often consumes a large amount of resources on test cases that cannot reach the target site, so the running time is too long and the efficiency and effectiveness of the testing work end up clearly out of balance.
Disclosure of Invention
The invention aims to provide a seed mutation method for directed fuzz testing of an operating system kernel that has high reliability, high efficiency and a good mutation effect.
The second objective of the present invention is to provide a testing method that includes this seed mutation method for directed fuzz testing of an operating system kernel.
The seed mutation method for directed fuzz testing of an operating system kernel provided by the invention comprises the following steps:
S1, acquiring data information of a target operating system;
S2, carrying out static analysis on the kernel source code of the target operating system according to the data information obtained in step S1, and constructing a function call graph and a control flow graph with functions and basic blocks as the granularity;
S3, integrating the function call graph and the control flow graph constructed in step S2 to obtain an interprocedural control flow graph;
S4, performing kernel distance calculation on the target position to be tested and the interprocedural control flow graph to obtain a distance metric of the kernel code relative to the target position;
S5, evaluating the seeds of the existing kernel seed library according to the distance metric of the kernel code relative to the target position obtained in step S4, and selecting seeds meeting the set conditions;
S6, according to the distance metric obtained in step S4, carrying out quality scoring and energy allocation on the seeds obtained in step S5 based on the function granularity score and the basic block granularity score, to obtain test case seeds with different energies;
S7, carrying out adaptive mutation on the test case seeds according to the coverage information of the test case seeds obtained in step S6, completing the seed mutation for directed fuzz testing of the operating system kernel.
The step S2 specifically comprises the following steps:
performing static analysis on the kernel source code of the target operating system according to the data information acquired in step S1, and constructing a function call graph and a control flow graph; wherein, on the function call graph, if there is a functionCalling function->The call relationship is expressed as +.>; For function->If basic block is existed on control flow graph +.>Point to->The control flow relation is expressed as +.>; Meanwhile, the generated function call graph takes the function as its granularity, and the generated control flow graph takes the basic block as its granularity.
The step S4 specifically comprises the following steps:
A. mapping the kernel source code position of the target operating system to graph structure nodes of the interprocedural control flow graph, and determining the kernel code position corresponding to each node in the function call graph and each basic block node in the intra-function control flow graph; setting the target to-be-measured position set as T, the location is represented on the interprocedural control flow graph as a set of objective functionsAnd target basic block set->; Each target position->Represented as an objective function in a function call graph +.>And target basic block in function control flow graph +.>;
B. Calculating the granularity distance of the function according to the function call graph;
C. and calculating the granularity distance of the basic block according to the control flow graph.
The step B specifically comprises the following steps:
for the target positionThere are several paths to reach the reachable objective function; the more times the called function occurs, the smaller the distance to the function is considered to be; therefore, the corresponding first influence factor +.>:
for reachable objective functionsThe more the number of basic blocks of the objective function included in the reachable objective function is, the more paths of the objective function are called; therefore, the corresponding second influence factor +.>:
Defining kernel functionsTo the objective function set->Is the kernel function to target function setThe harmonic mean of the distances of all objective functions in (a) and expressed as
The step C specifically comprises the following steps:
for the same functionAny two basic blocks in->Point to->Define basic block distance +.>To be in the function->Control flow graph of->In (1) from->To->Is the distance of the shortest path of (a);
definition of the definitionIs a function->Control flow graph of->Basic block->A set of functions called; at the same time +.>In reachable objective function->Is defined as +.>And is expressed asWherein->Precursor nodes for all functions in the objective function set;
defining reachable objective function sets in the interprocedural control flow graph The basic block set is +.>And is expressed as, wherein F is the set of all functions in the function call graph;
finally, the basic blocks in the interprocedural control flow graph are calculated by adopting the following formulasRelative target basic block->Distance of->:
The quality score of step S6 specifically includes the following steps:
setting the seed set of the kernel seed library as P, the basic block set covered by P is, and the function set covered by P is;
In->To test seedspA set of basic blocks covered; />For the collection->The number of basic blocks in (a);
In->The minimum value of the basic block granularity scores of all seeds in the kernel seed library; />The maximum value of the basic block granularity scores of all seeds in the kernel seed library;
seed calculation using the following algorithmpRelative to the set of objective functionsClosing deviceDistance of->:
In->Is seeds ofpA set of covered functions; />A function set of functions covered by all reachable seeds on the function call graph; />For reaching the target function on the function call graph +.>Is a function set of (a);
In->The method comprises the steps of collecting granularity distances of all seed functions in a current seed library; />The minimum value of the granularity distance of the seed function in the current seed library; />The maximum value of the granularity distance of the seed function in the current seed library;
according to the seed basic blockParticle size scoringAnd seed function granularity score->Calculating the quality score of the final seed>Is->The method comprises the steps of carrying out a first treatment on the surface of the The higher the quality score of the seed, the closer the seed is to the target to be measured, and the higher the energy allocated.
The step S7 specifically comprises the following steps:
if it isGreater than a set mutation threshold->Then fine-grained mutation is carried out on the current test case seed s;
if it isNot more than the set mutation threshold +.>Then coarse-grained mutation is carried out on the current test case seed s;
b. correcting the mutation probability of each test case seed:
for the test case seeds with fine-grained mutation, judging again:
if the coverage information of the current seed can reach the target site, increasing the fine-grained mutation probability of the current seed;
if the coverage information of the current seed cannot reach the target site, maintaining the fine-grained mutation probability of the current seed;
for the test case seeds with coarse-grained mutation, judging again:
if the coverage information of the current seed can reach the target site, maintaining the coarse-grained mutation probability of the current seed;
if the coverage information of the current seed cannot reach the target site, increasing the coarse-grained mutation probability of the current seed;
c. carrying out the corresponding mutation on each test case seed according to the corrected mutation probability, completing the seed mutation for directed fuzz testing of the operating system kernel.
The step b specifically comprises the following steps:
for the test case seeds with fine-grained mutation, judging again:
if the coverage information of the current seed can reach the target site, increasing the fine-grained mutation probability of the current seed, wherein the increased fine-grained mutation probability is that;
If the coverage information of the current seed cannot reach the target site, maintaining the fine-grained mutation probability of the current seed as;
For the test case seeds with coarse-grained mutation, judging again:
if the coverage information of the current seed can reach the target site, maintaining the coarse-grained mutation probability of the current seed as;
If the coverage information of the current seed cannot reach the target site, increasing the coarse-grained mutation probability of the current seed, wherein the increased coarse-grained mutation probability is that;
WhereinConstant ratio for a set fine-grained mutation, +.>Is a set constant ratio.
The invention also discloses a testing method that includes the above seed mutation method for directed fuzz testing of an operating system kernel, which further comprises the following steps:
S8, taking the non-mutated test case seeds and the mutated test case seeds as test cases;
S9, putting the test cases obtained in step S8 into the kernel under test of the target operating system for execution, and monitoring the execution state at the same time;
S10, completing the test according to the execution state obtained in step S9.
The step S10 specifically comprises the following steps:
(1) If the current test case covers a new kernel position during execution, the test case is put into a seed pool for subsequent testing;
if the current test case does not cover the new kernel position during execution, carrying out subsequent judgment:
(2) If the current test case has set abnormal behavior in the executing process, acquiring a kernel operation security violation report of the current test case, and ending the test;
if the current test case does not have the set abnormal behavior in the executing process, the test case is directly discarded, and the test is ended.
The seed mutation method and testing method for directed fuzz testing of an operating system kernel provided by the invention introduce a distance metric of the kernel code relative to the target position to be tested, calculate the seed quality score from this distance metric, obtain from the seed scores the high-quality seeds closest to the target position, allocate energy according to seed quality, and mutate each seed at a granularity suited to its energy allocation, so that seeds are mutated adaptively and a reasonable number of test cases is obtained. The method therefore ensures that high-quality seeds are mutated and executed first, making seed mutation reliable, efficient and effective, and it reduces the resource cost of the subsequent test process, shortens the test time and improves test efficiency.
Drawings
FIG. 1 is a schematic flow chart of the mutation method of the present invention.
FIG. 2 is a flow chart of the testing method of the present invention.
Detailed Description
FIG. 1 is a schematic flow chart of the mutation method of the present invention. The seed mutation method for directed fuzz testing of an operating system kernel provided by the invention comprises the following steps:
S1, acquiring data information of a target operating system;
S2, carrying out static analysis on the kernel source code of the target operating system according to the data information obtained in step S1, and constructing a function call graph and a control flow graph with functions and basic blocks as the granularity; the method specifically comprises the following steps:
performing static analysis on the kernel source code of the target operating system according to the data information acquired in step S1, and constructing a function call graph and a control flow graph; wherein, on the function call graph, if there is a functionCalling function->The call relationship is expressed as +.>; For function->If basic block is existed on control flow graph +.>Point to->The control flow relation is expressed as +.>; Meanwhile, the generated function call graph takes the function as its granularity, and the generated control flow graph takes the basic block as its granularity;
S3, integrating the function call graph and the control flow graph constructed in step S2 to obtain an interprocedural control flow graph;
S4, performing kernel distance calculation on the target position to be tested and the interprocedural control flow graph to obtain a distance metric of the kernel code relative to the target position; the method specifically comprises the following steps:
A. mapping the kernel source code position of the target operating system to graph structure nodes of the interprocedural control flow graph, and determining the kernel code position corresponding to each node in the function call graph and each basic block node in the intra-function control flow graph; setting the target to-be-measured position set as T, the location is represented on the interprocedural control flow graph as a set of objective functionsAnd target basic block set->; Each target position->Represented as an objective function in a function call graph +.>And target basic block in function control flow graph +.>;
B. Calculating the granularity distance of the function according to the function call graph; the method specifically comprises the following steps:
for the target positionThere are several paths to reach the reachable objective function; the more times the called function occurs, the smaller the distance to the function is considered to be; therefore, the corresponding first influence factor +.>:
for reachable objective functionsThe more the number of basic blocks of the objective function included in the reachable objective function is, the more paths of the objective function are called; therefore, the corresponding second influence factor +.>:
Defining kernel functionsTo the objective function set->Is the kernel function to target function setThe harmonic mean of the distances of all objective functions in (a) and expressed as
This definition indicates that if->Can reach a certain objective function->Then the objective function->Must be in the aggregate->;
C. calculating the granularity distance of the basic block according to the control flow graph; the method specifically comprises the following steps:
for the same functionAny two basic blocks in->Point to->Define basic block distance +.>To be in the function->Control flow graph of->In (1) from->To->Is the distance of the shortest path of (a);
definition of the definitionIs a function->Control flow graph of->Basic block->A set of functions called; at the same time +.>In reachable objective function->Is defined as +.>And is expressed as
defining reachable objective function sets in the interprocedural control flow graph The basic block set is +.>And is expressed as
wherein F is the set of all functions in the function call graph; this definition indicates that, for any basic block bb_m in the interprocedural control flow graph, if its called function set contains a function that can reach a target function on the function call graph, the basic block is in Trans_b;
finally, the basic blocks in the interprocedural control flow graph are calculated by adopting the following formulasRelative target basic block->Distance of->:
where c is used to control the influence of the function granularity distance on the basic block granularity distance;
S5, evaluating the seeds of the existing kernel seed library according to the distance metric of the kernel code relative to the target position obtained in step S4, and selecting seeds meeting the set conditions;
S6, according to the distance metric obtained in step S4, carrying out quality scoring and energy allocation on the seeds obtained in step S5 based on the function granularity score and the basic block granularity score, to obtain test case seeds with different energies; wherein the quality scoring specifically comprises the following steps:
setting the seed set of the kernel seed library as P, the basic block set covered by P is, and the function set covered by P is;
In->To test seedspA set of basic blocks covered;for the collection->The number of basic blocks in (a);
In->The minimum value of the basic block granularity scores of all seeds in the kernel seed library; />The maximum value of the basic block granularity scores of all seeds in the kernel seed library;
seed calculation using the following algorithmpWith respect to a set of objective functionsDistance of->:
In->Is seeds ofpA set of covered functions;a function set of functions covered by all reachable seeds on the function call graph; />For reaching the target function on the function call graph +.>Is a function set of (a);
In->The method comprises the steps of collecting granularity distances of all seed functions in a current seed library; />The minimum value of the granularity distance of the seed function in the current seed library; />The maximum value of the granularity distance of the seed function in the current seed library;
scoring according to seed basic block granularityAnd seed function granularity score->Calculating the quality score of the final seed>Is->The method comprises the steps of carrying out a first treatment on the surface of the The higher the quality score of the seed, the closer the seed is to the target to be measured, and the higher the energy is distributed;
S7, carrying out adaptive mutation on the test case seeds according to the coverage information of the test case seeds obtained in step S6, completing the seed mutation for directed fuzz testing of the operating system kernel; the method specifically comprises the following steps:
if it isGreater than a set mutation threshold->Then fine-grained mutation is carried out on the current test case seed s;
if it isNot more than the set mutation threshold +.>Then coarse-grained mutation is carried out on the current test case seed s;
b. correcting the mutation probability of each test case seed:
for the test case seeds with fine-grained mutation, judging again: if the coverage information of the current seed can reach the target site, increasing the fine-grained mutation probability of the current seed; preferably, the increased fine-grained mutation probability is;
If the coverage information of the current seed cannot reach the target site, maintaining the fine-grained mutation probability of the current seed; preferably, the fine-grained mutation probability of the current seed is maintained as follows
For the test case seeds with coarse-grained mutation, judging again:
if the coverage information of the current seed can reach the target site, maintaining the coarse-grained mutation probability of the current seed; preferably, the coarse-grained mutation probability of the current seed is maintained as;
If the coverage information of the current seed cannot reach the target site, increasing the coarse-grained mutation probability of the current seed; preferably, the increased coarse-grained mutation probability is;
WhereinTo be set upConstant ratio of fine-grained mutations, +.>Is a set constant ratio;
c. carrying out the corresponding mutation on each test case seed according to the corrected mutation probability, completing the seed mutation for directed fuzz testing of the operating system kernel.
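The distance computation of step S4 (parts B and C) on a constructed call graph and control flow graph, as an added example that is not code from the patent. The patent's formulas and its two influence factors are missing from this page, so the code uses the plain shortest-path and harmonic-mean form that the prose describes (the form used by AFLGo-style directed fuzzers); all function and block names, the value c = 10 and the averaging in `seed_distance` are assumptions.

```python
from collections import deque

C = 10.0  # assumed value for the constant c (AFLGo uses 10)


def nodes(graph):
    """All nodes of an adjacency-list graph, including pure sinks."""
    return set(graph) | {m for succ in graph.values() for m in succ}


def bfs(graph, src):
    """Edge-count shortest paths from src to every node it can reach."""
    dist, queue = {src: 0}, deque([src])
    while queue:
        n = queue.popleft()
        for m in graph.get(n, ()):
            if m not in dist:
                dist[m] = dist[n] + 1
                queue.append(m)
    return dist


def harmonic_mean(values):
    return len(values) / sum(1.0 / v for v in values)


def function_distances(call_graph, target_funcs):
    """Function-granularity distance of every function to the target set.

    0 for a target function ("objective function" in the text), None when
    no target is reachable. The influence factors of part B are left out
    because their formulas are not on the page.
    """
    out = {}
    for f in nodes(call_graph):
        if f in target_funcs:
            out[f] = 0.0
            continue
        dist = bfs(call_graph, f)
        reachable = [dist[t] for t in target_funcs if t in dist]
        out[f] = harmonic_mean(reachable) if reachable else None
    return out


def block_distances(cfg, calls, target_blocks, func_dist, c=C):
    """Basic-block-granularity distance inside one function's CFG.

    Anchors are target blocks (distance 0) and call sites whose callee can
    reach a target (Trans_b in the text), weighted by c; a call straight
    into a target function therefore gets c * 0 = 0. Every other block takes
    the harmonic mean of (CFG distance to anchor + anchor distance).
    """
    anchors = {}
    for b in nodes(cfg):
        if b in target_blocks:
            anchors[b] = 0.0
            continue
        callee = [func_dist[f] for f in calls.get(b, ())
                  if func_dist.get(f) is not None]
        if callee:
            anchors[b] = c * min(callee)
    out = dict(anchors)
    for b in nodes(cfg) - set(anchors):
        dist = bfs(cfg, b)
        via = [dist[a] + anchors[a] for a in anchors if a in dist]
        out[b] = harmonic_mean(via) if via else None  # None: target unreachable
    return out


def seed_distance(covered_blocks, block_dist):
    """Mean distance over the covered blocks that have one (assumed form)."""
    known = [block_dist[b] for b in covered_blocks
             if block_dist.get(b) is not None]
    return sum(known) / len(known) if known else None


# Constructed sample: a call graph and the CFG of the function "entry".
CALL_GRAPH = {"entry": ["a", "t2", "log_helper"], "a": ["t1"]}
TARGET_FUNCS = {"t1", "t2"}
ENTRY_CFG = {"e0": ["e1", "e2"], "e1": ["e3"], "e2": ["e3"], "e3": []}
ENTRY_CALLS = {"e1": ["a"], "e2": ["t2"], "e3": ["log_helper"]}

if __name__ == "__main__":
    fd = function_distances(CALL_GRAPH, TARGET_FUNCS)
    bd = block_distances(ENTRY_CFG, ENTRY_CALLS, set(), fd)
    for name, covered in {"near": ["e0", "e2"], "far": ["e0", "e1", "e3"]}.items():
        print(name, seed_distance(covered, bd))
```

A seed whose coverage only touches blocks with no path to a target gets `None`, which is the case step S5 would filter out before any energy is spent on it.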
Table 1 compares the number of defects found when testing the target site in an embodiment of the present invention. In this embodiment, the experimental results show that the directed kernel fuzz testing method finds more defects in 8 hours than general kernel fuzz testing. The average number of defects found by general kernel fuzz testing is 2.33, and the average number found by directed kernel fuzz testing is 4.67.
TABLE 1 Comparison of the number of relevant defects found when testing the target site
As can be seen from Table 1, with both experiments run for 8 hours, directed kernel fuzz testing finds on average 2.34 more defects than general kernel fuzz testing. The optimization of the present invention can therefore indeed screen out higher-quality seeds that reach the target site more quickly.
FIG. 2 is a flow chart of the testing method of the present invention. The invention provides a testing method including the seed mutation method for directed fuzz testing of an operating system kernel, which comprises the following steps:
S1, acquiring data information of a target operating system;
S2, carrying out static analysis on the kernel source code of the target operating system according to the data information obtained in step S1, and constructing a function call graph and a control flow graph with functions and basic blocks as the granularity;
S3, integrating the function call graph and the control flow graph constructed in step S2 to obtain an interprocedural control flow graph;
S4, performing kernel distance calculation on the target position to be tested and the interprocedural control flow graph to obtain a distance metric of the kernel code relative to the target position;
S5, evaluating the seeds of the existing kernel seed library according to the distance metric of the kernel code relative to the target position obtained in step S4, and selecting seeds meeting the set conditions;
S6, according to the distance metric obtained in step S4, carrying out quality scoring and energy allocation on the seeds obtained in step S5 based on the function granularity score and the basic block granularity score, to obtain test case seeds with different energies;
S7, carrying out adaptive mutation on the test case seeds according to the coverage information of the test case seeds obtained in step S6, completing the seed mutation for directed fuzz testing of the operating system kernel;
S8, taking the non-mutated test case seeds and the mutated test case seeds as test cases;
S9, putting the test cases obtained in step S8 into the kernel under test of the target operating system for execution, and monitoring the execution state at the same time;
S10, completing the test according to the execution state obtained in step S9; the method specifically comprises the following steps:
(1) If the current test case covers a new kernel position during execution, the test case is put into a seed pool for subsequent testing;
if the current test case does not cover the new kernel position during execution, carrying out subsequent judgment:
(2) If the current test case has abnormal behavior in the executing process, acquiring a kernel operation security violation report of the current test case, and ending the test;
if the current test case does not have abnormal behavior in the execution process, the test case is directly discarded, and the test is ended.
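The decision logic of steps S7 and S10 as an added example, not code from the patent. The probability formulas are missing from this page, so the multiplicative increase capped at 1.0, the ratio values, the starting probabilities and all names are assumptions; the seeds are constructed sample data.

```python
from dataclasses import dataclass


@dataclass
class Seed:
    name: str
    score: float            # quality score from step S6 (higher = closer)
    reaches_target: bool    # does the seed's coverage reach the target site?
    p_fine: float = 0.5     # assumed starting mutation probabilities
    p_coarse: float = 0.5


def plan_mutation(seed, threshold, fine_ratio=1.2, coarse_ratio=1.5):
    """S7: choose the granularity, then correct that granularity's probability.

    Score above the threshold means fine-grained mutation, otherwise
    coarse-grained. The probability is raised only for (fine, reaches target)
    and (coarse, does not reach target); the other two cases keep it as is.
    """
    if seed.score > threshold:
        if seed.reaches_target:
            seed.p_fine = min(1.0, seed.p_fine * fine_ratio)
        return "fine", seed.p_fine
    if not seed.reaches_target:
        seed.p_coarse = min(1.0, seed.p_coarse * coarse_ratio)
    return "coarse", seed.p_coarse


def run_rounds(seeds, threshold, rounds):
    """Apply the S7 correction repeatedly and return the per-round plans."""
    history = []
    for _ in range(rounds):
        history.append({s.name: plan_mutation(s, threshold) for s in seeds})
    return history


def triage(case, new_coverage, abnormal, pool, reports):
    """S10, in the order the text gives: coverage first, then abnormal behavior."""
    if new_coverage:
        pool.append(case)       # kept in the seed pool for subsequent testing
        return "pooled"
    if abnormal:
        reports.append(case)    # a kernel security violation report is collected
        return "reported"
    return "discarded"


def sample_seeds():
    """Constructed seed pool covering all four cases of step b."""
    return [
        Seed("near_hit", 0.9, True),
        Seed("near_miss", 0.8, False),
        Seed("far_hit", 0.3, True),
        Seed("far_miss", 0.2, False),
    ]


if __name__ == "__main__":
    for rnd, plans in enumerate(run_rounds(sample_seeds(), 0.5, 3), start=1):
        print(rnd, plans)
```

Over repeated rounds the close seeds that already reach the target are refined more and more aggressively, while distant seeds that miss it are pushed toward larger structural changes.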
Claims (3)
1. A seed mutation method for directed fuzz testing of an operating system kernel, characterized by comprising the following steps:
S1, acquiring data information of a target operating system;
S2, carrying out static analysis on the kernel source code of the target operating system according to the data information obtained in step S1, and constructing a function call graph and a control flow graph with functions and basic blocks as the granularity; the method specifically comprises the following steps:
performing static analysis on the kernel source code of the target operating system according to the data information acquired in step S1, and constructing a function call graph and a control flow graph; wherein, on the function call graph, if there is a functionCalling function->The call relationship is expressed as; For function->If basic block is existed on control flow graph +.>Point to->Then the control flow relationship is expressed as; Meanwhile, the generated function call graph takes the function as its granularity, and the generated control flow graph takes the basic block as its granularity;
S3, integrating the function call graph and the control flow graph constructed in step S2 to obtain an interprocedural control flow graph;
S4, performing kernel distance calculation on the target position to be tested and the interprocedural control flow graph to obtain a distance metric of the kernel code relative to the target position; the method specifically comprises the following steps:
A. mapping the kernel source code position of the target operating system to graph structure nodes of the interprocedural control flow graph, and determining the kernel code position corresponding to each node in the function call graph and each basic block node in the intra-function control flow graph; setting the target to-be-measured position set as T, the location is represented on the interprocedural control flow graph as a set of objective functionsAnd target basic block set->; Each target position->Represented as an objective function in a function call graph +.>And target basic block in function control flow graph +.>;
B. Calculating the function granularity distance according to the function call graph; this specifically comprises the following steps:
for the target position, there are several paths to reach the reachable objective function; the more occurrences of the called function, the smaller the distance to the function is considered; therefore, the corresponding first influence factor:
for a reachable objective function, the greater the number of basic blocks of the objective function included in the reachable objective function, the more paths call the objective function; therefore, the corresponding second influence factor:
defining the function granularity distance from a kernel function to the objective function set as the harmonic mean of the distances from the kernel function to all objective functions in the set, expressed as:
C. Calculating the basic block granularity distance according to the control flow graph; this specifically comprises the following steps:
for any two basic blocks in the same function, with one pointing to the other, the basic block distance is defined as the distance of the shortest path from the one to the other in the control flow graph of that function;
definition of the definitionIs a function->Control flow graph of->Basic block->A set of functions called; at the same time +.>In reachable objective function->Is defined as +.>And is expressed asWherein->Precursor nodes for all functions in the objective function set;
defining the basic block set of the reachable objective function set in the inter-process control flow graph, expressed as, wherein F is the set of all functions in the function call graph;
finally, the distance of a basic block in the inter-process control flow graph relative to the target basic block is calculated using the following formula:
S5, evaluating the seeds of the existing kernel seed library according to the distance measurement of the kernel code relative to the target position obtained in step S4, and selecting seeds meeting the set conditions;
S6, according to the distance measurement obtained in step S4, performing quality scoring and energy allocation on the seeds obtained in step S5 based on the function granularity score and the basic block granularity score, to obtain test case seeds with different energies; this specifically comprises the following steps:
denoting the seed set of the kernel seed library as P, together with the basic block set covered by P and the function set covered by P;
the distance of seed p relative to the target basic block set is calculated using the following formula: its terms are the set of basic blocks covered by test seed p and the number of basic blocks in the set;
the seed basic block granularity score is calculated using the following formula: its terms are the minimum value and the maximum value of the basic block granularity scores of all seeds in the kernel seed library;
the distance of seed p relative to the objective function set is calculated using the following formula:
its terms are the set of functions covered by seed p; the function set of functions covered by all reachable seeds on the function call graph; and the function set that can reach the objective function on the function call graph;
the seed function granularity score is calculated using the following formula: its terms are the set of function granularity distances of all seeds in the current seed library, and the minimum value and the maximum value of the seed function granularity distance in the current seed library;
according to the seed basic block granularity score and the seed function granularity score, the final quality score of the seed is calculated as; the higher the quality score of a seed, the closer the seed is to the target to be tested, and the more energy it is allocated;
S7, performing adaptive mutation on the test case seeds according to the coverage information of the test case seeds obtained in step S6, completing the seed mutation for operating system kernel directional fuzzy testing; this specifically comprises the following steps:
when greater than the set mutation threshold, fine-grained mutation is performed on the current test case seed s;
when not greater than the set mutation threshold, coarse-grained mutation is performed on the current test case seed s;
b. Correcting the mutation probability of each test case seed:
for test case seeds undergoing fine-grained mutation, a further judgment is made:
if the coverage information of the current seed can reach the target site, the fine-grained mutation probability of the current seed is increased;
if the coverage information of the current seed cannot reach the target site, the fine-grained mutation probability of the current seed is maintained;
for test case seeds undergoing coarse-grained mutation, a further judgment is made:
if the coverage information of the current seed can reach the target site, the coarse-grained mutation probability of the current seed is maintained;
if the coverage information of the current seed cannot reach the target site, the coarse-grained mutation probability of the current seed is increased;
the specific implementation is as follows:
for test case seeds undergoing fine-grained mutation, a further judgment is made:
if the coverage information of the current seed can reach the target site, the fine-grained mutation probability of the current seed is increased, the increased fine-grained mutation probability being;
if the coverage information of the current seed cannot reach the target site, the fine-grained mutation probability of the current seed is maintained as;
for test case seeds undergoing coarse-grained mutation, a further judgment is made:
if the coverage information of the current seed can reach the target site, the coarse-grained mutation probability of the current seed is maintained as;
if the coverage information of the current seed cannot reach the target site, the coarse-grained mutation probability of the current seed is increased, the increased coarse-grained mutation probability being;
wherein the two constants are a set constant ratio for fine-grained mutation and a set constant ratio
c. Performing the corresponding mutation on each test case seed according to the corrected mutation probability, completing the seed mutation for operating system kernel directional fuzzy testing.
2. A test method comprising the seed mutation method for operating system kernel directional fuzzy testing of claim 1, further comprising the following steps:
S8, taking the non-mutated test case seeds and the mutated test case seeds as test cases;
S9, putting the test cases obtained in step S8 into the tested kernel of the target operating system for execution, and monitoring the execution state at the same time;
S10, completing the test according to the execution state obtained in step S9.
3. The test method according to claim 2, wherein step S10 comprises the following steps:
(1) If the current test case covers a new kernel position during execution, the test case is put into the seed pool for subsequent testing;
if the current test case does not cover a new kernel position during execution, the following judgment is made:
(2) If the current test case exhibits the set abnormal behavior during execution, the kernel operation security violation report of the current test case is obtained, and the test ends;
if the current test case does not exhibit the set abnormal behavior during execution, the test case is discarded directly, and the test ends.
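The following Python example implements steps a to c of S7 in claim 1 (granularity selection, the four-case probability correction, and mutation with the corrected probability). It is an added example, not code from the patent. The threshold, ratios and starting probability, the multiplicative update capped at 1.0, the use of the S6 quality score as the value compared with the threshold, and both mutation operators are assumptions, because the corresponding formulas are not reproduced on this page.

```python
import random
from dataclasses import dataclass

MUTATION_THRESHOLD = 0.5   # assumed value of the "set mutation threshold"
FINE_RATIO = 1.5           # assumed constant ratio, fine-grained probability
COARSE_RATIO = 1.5         # assumed constant ratio, coarse-grained probability

@dataclass
class Seed:
    name: str
    score: float           # value compared with the threshold (assumed: S6 quality score)
    covered: frozenset     # kernel locations this seed covered when executed
    granularity: str = ""
    prob: float = 0.4      # assumed starting mutation probability

def correct_probability(seed, targets):
    """Step b: raise the probability only in the two cases the claim names."""
    hit = bool(seed.covered & targets)   # coverage reaches a target site
    if seed.granularity == "fine" and hit:
        seed.prob = min(1.0, seed.prob * FINE_RATIO)
    elif seed.granularity == "coarse" and not hit:
        seed.prob = min(1.0, seed.prob * COARSE_RATIO)
    return seed.prob                     # fine+miss and coarse+hit stay unchanged

def mutate(seed, program, rng):
    """Step c: mutate with the corrected probability (operators are assumed)."""
    out = [(call, list(args)) for call, args in program]
    if not out or rng.random() >= seed.prob:
        return out
    i = rng.randrange(len(out))
    if seed.granularity == "fine":       # fine: flip one bit of one argument
        args = out[i][1]
        if args:
            args[rng.randrange(len(args))] ^= 1 << rng.randrange(16)
    elif rng.random() < 0.5:             # coarse: duplicate one call ...
        out.insert(i, (out[i][0], list(out[i][1])))
    else:                                # ... or drop it
        out.pop(i)
    return out

def schedule(pool, targets):
    """Steps a and b over a seed pool; returns (name, granularity, prob) rows."""
    rows = []
    for seed in pool:
        # Step a: above the threshold -> fine-grained, otherwise coarse-grained.
        seed.granularity = "fine" if seed.score > MUTATION_THRESHOLD else "coarse"
        rows.append((seed.name, seed.granularity, round(correct_probability(seed, targets), 3)))
    return rows

TARGETS = frozenset({"bb_target"})       # constructed sample data, not from the patent
POOL = [
    Seed("near_hit", 0.8, frozenset({"bb_1", "bb_target"})),
    Seed("near_miss", 0.8, frozenset({"bb_1"})),
    Seed("far_hit", 0.3, frozenset({"bb_target"})),
    Seed("far_miss", 0.5, frozenset({"bb_2"})),
]

if __name__ == "__main__":
    print(schedule(POOL, TARGETS))
    print(mutate(POOL[0], [("ioctl", [3, 21505])], random.Random(0)))
```

A seed whose score equals the threshold takes the coarse-grained branch, matching the claim's "not more than" wording.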
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310288727.3A CN116069672B (en) | 2023-03-23 | 2023-03-23 | Seed variation method and test method for kernel directional fuzzy test of operating system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116069672A (en) | 2023-05-05 |
CN116069672B (en) | 2023-07-04 |
Family
ID=86171731
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310288727.3A Active CN116069672B (en) | 2023-03-23 | 2023-03-23 | Seed variation method and test method for kernel directional fuzzy test of operating system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116069672B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117033248B (en) * | 2023-10-08 | 2024-01-26 | 中国海洋大学 | Web fuzzy test method based on program state feedback and control flow diagram |
CN118260209A (en) * | 2024-05-24 | 2024-06-28 | 摩尔线程智能科技(北京)有限责任公司 | Code testing method and device, electronic equipment and storage medium |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7530107B1 (en) * | 2007-12-19 | 2009-05-05 | International Business Machines Corporation | Systems, methods and computer program products for string analysis with security labels for vulnerability detection |
US10380350B1 (en) * | 2019-01-15 | 2019-08-13 | Cyberark Software Ltd. | Efficient and comprehensive source code fuzzing |
CN112506564A (en) * | 2021-02-04 | 2021-03-16 | 中国人民解放军国防科技大学 | Method, system and medium for establishing control flow graph |
CN112559367A (en) * | 2020-12-23 | 2021-03-26 | 南京大学 | Kernel fuzzy test case generation method based on system call dependency graph |
CN113076545A (en) * | 2021-04-20 | 2021-07-06 | 湖南大学 | Deep learning-based kernel fuzzy test sequence generation method |
KR102289574B1 (en) * | 2020-05-14 | 2021-08-13 | 한국과학기술원 | Method and apparatus for grey-box fuzzing with distance-based fitness function |
CN114077742A (en) * | 2021-11-02 | 2022-02-22 | 清华大学 | Intelligent software vulnerability mining method and device |
CN114428733A (en) * | 2022-01-19 | 2022-05-03 | 南京大学 | Kernel data competition detection method based on static program analysis and fuzzy test |
CN114662519A (en) * | 2022-05-24 | 2022-06-24 | 武汉朗修科技有限公司 | QR code blind deblurring method based on position detection graph gradient and strength prior |
CN115828260A (en) * | 2022-11-18 | 2023-03-21 | 上海交通大学 | Multi-machine collaborative vulnerability detection system based on vulnerability clustering and distance space division |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112286823A (en) * | 2020-11-18 | 2021-01-29 | 山石网科通信技术股份有限公司 | Method and device for testing kernel of operating system |
US11366748B1 (en) * | 2020-11-30 | 2022-06-21 | Irdeto B.V. | Fuzzy testing a software system |
KR102578430B1 (en) * | 2021-08-13 | 2023-09-15 | 한국과학기술원 | Type-aware windows kernel fuzzing method based on static binary analysis |
CN114840437B (en) * | 2022-05-24 | 2023-04-07 | 中南大学 | Operating system kernel fuzzy test seed evaluation distribution method |
Non-Patent Citations (1)
Title |
---|
Directed grey-box fuzzing technique combined with hybrid symbolic execution; 戴渭; 陆余良; 朱凯龙; Computer Engineering (计算机工程) (08); full text * |
Also Published As
Publication number | Publication date |
---|---|
CN116069672A (en) | 2023-05-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||