操控程式輸入測試以自動產生系統攻擊資料

Abstract

非經授權之用戶必須有正當授權方能執行之程式區域，我們稱為「程式禁區」。此計畫 將運用完全覆蓋測試方法，產生合適之輸入資料、不須授權資料而能進入程式禁區， 以驗證此系統程式是否存在可能之安全缺陷。若要進入程式禁區，我們必須設計一個 完整框架，整合程式錯誤偵測、輸入資料污染追蹤、與擬真執行、及高階性質驗證。 若程式遭致錯誤，特別是遇到控制資料被破壞，則執行狀態將進入一個被污染而不穩 定的情況。根據此，我們將測試此控制資料能否被操控，成為污染可操控性。此計畫 將產生測試資料，以驗證能否進動進入程式禁區。

If unauthorized users cannot execute code needing normal authorization, we mean this code section to be a forbidden area. We want to explore if the full path coverage tester can generate suitable input without authorization to enter a forbidden area of a software system, especially for mobile platforms. To enter the forbidden area (FA), we will design a framework, with components to integrate failure detector, taint tracker, Concolic tester, and a high level property checker. If we encounter a software failure, especially, with a corrupted control and data state, the execution will be brought into a fuzz state by some kind of tainted input. Based on the uncontrolled input, we want to test if they are controllable tainted input, called their taintedness. The project will generate input to enter FA automatically, and evaluated with several benchmark programs, not currently with plausible input by fuzzers like zzuf and catchconv.