路徑限制式排程優化 Web 程式測試效能

Abstract

隨著軟體系統日益龐大，從最上層可能由PHP撰寫的應用程式、經過底層C與C++與作業系統的溝通介面，組成元件複雜，難以藉由人工的方式進行軟體測試，因此需要自動化的機制協助。其中符號執行（Symbolic execution）是最近廣為運用的自動化測試方法，也逐漸受大眾所重視。 我們過去有開發一個稱為 CRAXWeb的網頁測試系統。為了改善CRAXWeb的效能問題，本論文獨立蒐集處理路徑限制式，利用單一擬真路徑執行 (Concolic Execution)的特性，於原系統外進行路徑限制式的管理。我們整合Python語言與KLEE 內部元件Kleaver solver，避免重複執行符號執行、減少解路徑限制式花費的時間。透過此法來達到彈性化產生 Web攻擊代碼的攻擊限制式 (Payload Constraint)。同時導入符號化變異模糊測試排程法，透過加入適當的路徑限制式，減少測試web application的時間。當限制式產生衝突情況時，可找出衝突的限制式，或結合原單一擬真路徑執行所產生的路徑，以優化攻擊與解決路徑限制式的時間。

As software is more complicated and larger, for the top level applications may be written in PHP and the low-level communication interface are written by C or C + + and may refer to some related operating system-level implementation, it is more difficult to perform software testing and system analysis manually and need supports of automatic testing. Symbolic execution is a popular testing method to automate the process and more people pay attention to this technique. In this work, we propose to improve our previous system for web application testing, called CRAXWeb. With the feature of single path concolic execution, we resolve the path constraint outside of the CRAXWeb by using kleaver, a constraint solver in KLEE to reduce the time of re-execution of symbolic execution. This method can be used to generate the payload more flexibly. We introduce the scheduling algorithm used for fuzz testing to generate the payload constraints. By adding the appropriate path constraints, we can reduce the time of testing web application and handle the conflict. We can get a new path different from the one generated by CRAXWeb and optimize the resolution time to produce the attack.