Dai Huning, Murphy Christian, Kaiser Gail
Proc Int Conf Availab Reliab Secur. 2010 Feb 15:525-530. doi: 10.1109/ares.2010.22.
Many software security vulnerabilities only reveal themselves under certain conditions, i.e., particular configurations of the software together with its particular runtime environment. One approach to detecting these vulnerabilities is fuzz testing, which feeds a range of randomly modified inputs to a software application while monitoring it for failures. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or of how much of the input space will be explored. To address these problems, in this paper we present a new testing methodology called configuration fuzzing. Configuration fuzzing is a technique whereby the configuration of the running application is randomly modified at certain execution points, in order to check for vulnerabilities that only arise in certain conditions. As the application runs in the deployment environment, this testing technique continuously fuzzes the configuration and checks "security invariants" that, if violated, indicate a vulnerability; however, the fuzzing is performed in a duplicated copy of the original process, so that it does not affect the state of the running application. In addition to discussing the approach and describing a prototype framework for implementation, we also present the results of a case study to demonstrate the approach's efficiency.
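To make the mechanism concrete, the following is an added illustration, not the paper's prototype framework or its case study. It assumes a hypothetical application whose behaviour depends on a small configuration dictionary (a toy path resolver with constructed keys `root`, `allow_parent_traversal` and `max_path_len`) and a single security invariant ("a resolved path never leaves the configured root"). At an execution point the harness forks a duplicate of the process, randomly mutates the configuration only in that copy, runs fixed probe inputs against the invariant, and reports any violation back over a pipe, so the parent's live configuration and state are never touched.

```python
"""Toy configuration-fuzzing harness (added example; hypothetical application)."""
import json
import os
import posixpath
import random

# --- Constructed application under test (hypothetical, not from the paper) ---
DEFAULT_CONFIG = {
    "root": "/srv/files",
    "allow_parent_traversal": False,   # the invariant breaks only when this is True
    "max_path_len": 256,
}

def resolve(config, requested):
    """Map a client-supplied relative path onto the configured root."""
    if len(requested) > config["max_path_len"]:
        raise ValueError("path too long")
    if not config["allow_parent_traversal"] and ".." in requested.split("/"):
        raise ValueError("parent traversal rejected")
    return posixpath.normpath(posixpath.join(config["root"], requested))

# --- Security invariant ------------------------------------------------------
PROBE_INPUTS = ["index.html", "docs/../notes.txt", "../../etc/passwd"]  # constructed

def check_invariants(config):
    """Return a list of invariant violations observed under this configuration."""
    violations = []
    root = config["root"].rstrip("/") + "/"
    for req in PROBE_INPUTS:
        try:
            path = resolve(config, req)
        except ValueError:
            continue                      # rejecting an input is always safe
        if not path.startswith(root):     # invariant: stay inside the root
            violations.append({"input": req, "resolved": path, "config": dict(config)})
    return violations

# --- Configuration fuzzing ---------------------------------------------------
def random_mutation(config, rng):
    """Randomly perturb a copy of the configuration (one fuzz step)."""
    mutated = dict(config)
    for key, value in mutated.items():
        if rng.random() < 0.5:
            continue
        if isinstance(value, bool):       # bool before int: bool is an int subclass
            mutated[key] = not value
        elif isinstance(value, int):
            mutated[key] = rng.choice([0, 1, value // 2, value * 2])
        elif isinstance(value, str):
            mutated[key] = rng.choice([value, value + "/", "/"])
    return mutated

def fuzz_point(config, trials=10, seed=0, mutate=random_mutation):
    """Execution-point hook: per trial, fork a duplicate process, fuzz the
    configuration there, check the invariant and report over a pipe.
    The calling process's configuration is never modified."""
    findings = []
    for i in range(trials):
        rng = random.Random(seed + i)     # seeded per trial for reproducibility
        read_fd, write_fd = os.pipe()
        pid = os.fork()
        if pid == 0:                      # child: the duplicated copy
            os.close(read_fd)
            try:
                result = check_invariants(mutate(config, rng))
                payload = json.dumps(result).encode()
            except Exception as exc:      # a crash under a fuzzed config is also a finding
                payload = json.dumps([{"crash": repr(exc)}]).encode()
            finally:
                with os.fdopen(write_fd, "wb") as w:
                    w.write(payload)
                os._exit(0)               # never fall through into parent code
        os.close(write_fd)
        with os.fdopen(read_fd, "rb") as r:
            data = r.read()
        os.waitpid(pid, 0)
        findings.extend(json.loads(data) if data else [])
    return findings

if __name__ == "__main__":
    live = dict(DEFAULT_CONFIG)
    for finding in fuzz_point(live, trials=10, seed=1):
        print("invariant violated:", finding)
    print("live config unchanged:", live == DEFAULT_CONFIG)
```

Every violation the harness reports carries the mutated configuration that produced it, which is what a developer needs to reproduce the condition; because the mutation happens after `fork()`, the parent process continues serving with its original configuration.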