Title: | Browser Fuzzing by Scheduled Mutation and Generation of Document Object Models |
Author: | 廖峰澤 Liao, Feng-Ze 林盈達 Lin, Ying-Dar Institute of Network Engineering |
Keywords: | browser fuzzing; black-box fuzzing; vulnerabilities; exploits; mutation; scheduling; document object model; DOM |
Issue Date: | 2015 |
Abstract: | Internet applications have become an indispensable part of daily life, but if these application systems are compromised and exploited by malicious parties, they can pose security threats. Finding and fixing vulnerabilities so that they cannot be exploited is therefore an urgent task. Fuzz testing is currently a widely used method for finding software vulnerabilities; it finds software weaknesses effectively by mutating seed test inputs. These methods still fall short for web browsers, so we propose scheduled DOM fuzzing (SDF), which integrates several browser testing tools with a scheduled fuzzing framework called BFF. We also propose a new probability model that improves seed selection and the dynamic mutation process so that more crashing test cases are produced more effectively. Experiments show that SDF generates up to 2.27 times as many crashing test cases as the approaches it is compared against. We also found twenty-three exploitable crashing test cases in a Windows 7 environment. This shows that a better scheduling method and architecture can improve browser fuzzing performance. Internet applications have made our daily life fruitful. However, they also cause many security problems if these applications are leveraged by intruders. Thus, it is important to find and fix vulnerabilities in a timely manner to prevent application vulnerabilities from being exploited. Fuzz testing is a popular methodology that effectively finds vulnerabilities in application programs with seed input mutation. However, it is not a satisfactory solution for web browsers. In this work, we propose a solution, called scheduled DOM fuzzing (SDF), which integrates several related browser fuzzing tools and the fuzzing framework called BFF. To explore more crash possibilities, we revise the browser fuzzing architecture and schedule seed input selection and mutation dynamically. We also propose two probability computing methods in the scheduling mechanism, which try to improve performance by determining which combinations of seed and mutation would produce more crashes. Our experiments show that SDF is at most 2.27 times more efficient in terms of the number of crashes and vulnerabilities found. SDF is also able to find 23 exploitable crashes in Windows 7 within five days. The experimental results reveal that a good scheduling method for seeds and mutations in browser fuzzing is able to find more exploitable crashes than fuzzers with a fixed seed input. |
URI: | http://140.113.39.130/cdrfb3/record/nctu/#GT070256541 http://hdl.handle.net/11536/126188 |
Appears in Collections: | Thesis |