CN113419960A - Seed generation method and system for kernel fuzzy test of trusted operating system - Google Patents
Seed generation method and system for kernel fuzzy test of trusted operating system Download PDFInfo
- Publication number
- CN113419960A CN113419960A CN202110749360.1A CN202110749360A CN113419960A CN 113419960 A CN113419960 A CN 113419960A CN 202110749360 A CN202110749360 A CN 202110749360A CN 113419960 A CN113419960 A CN 113419960A
- Authority
- CN
- China
- Prior art keywords
- call
- system call
- kernel
- operating system
- trusted operating
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Prevention of errors by analysis, debugging or testing of software
- G06F11/3668—Testing of software
- G06F11/3672—Test management
- G06F11/3684—Test management for test design, e.g. generating new test cases
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Quality & Reliability (AREA)
- Stored Programmes (AREA)
Abstract
本发明公开了一种用于可信操作系统内核模糊测试的种子生成方法及系统,本发明方法包括:针对输入的系统调用文件L获取其中系统调用之间的依赖关系;根据系统调用之间的依赖关系生成用于可信操作系统内核模糊测试的种子;其中,系统调用之间的依赖关系包括显式依赖关系和隐式依赖关系,显式依赖关系是指一个系统调用的参数是另一个系统调用的结果;隐式依赖关系是指两个系统调用共同使用操作系统内核的某个共享区域。本发明能够有效提高对可信操作系统内核模糊测试的效率,保证可信操作系统的安全性和可靠性,一方面可以为漏洞分析提供依据;另一方面从网络攻防的角度考虑,有助于帮助维护者先于攻击者发现并及时修补漏洞。
The invention discloses a method and system for generating seeds for fuzz testing of trusted operating system kernels. The method of the invention includes: obtaining the dependencies between system calls in an input system call file L; Dependencies generate seeds for trusted OS kernel fuzzing; among them, the dependencies between system calls include explicit dependencies and implicit dependencies. Explicit dependencies mean that the parameter of one system call is another system call. The result of the call; an implicit dependency means that two system calls use a shared area of the operating system kernel in common. The invention can effectively improve the efficiency of fuzzing the trusted operating system kernel and ensure the security and reliability of the trusted operating system. On the one hand, it can provide a basis for vulnerability analysis; Help maintainers discover and patch vulnerabilities before attackers.
Description
Technical Field
The invention relates to a trusted operating system testing technology, in particular to a seed generation method and a seed generation system for kernel fuzzy testing of a trusted operating system.
Background
Currently, a trusted operating system has become an important method for preventing sensitive data from being leaked and tampered, and a kernel is the most important component in the operating system, so security research on the kernel is extremely important. The fuzzy test is used as an efficient vulnerability mining method and is widely applied to the field of kernel security of an operating system. The fuzzy test is a method for discovering software bugs by providing unexpected input to a target system and monitoring abnormal results, and has the advantages of high automation degree, good usability, low false alarm rate, no dependence on target program source codes and the like.
The first condition for performing fuzz testing is a large number of test cases, which are also referred to as initial seeds. The quality of the initial seed greatly affects the effectiveness of the fuzz testing. The seed generation method at the present stage is mainly divided into two types: a mutation-based seed generation method and a random-based seed generation method. On the basis of inputting a format to target software, automatically generating some test samples which do not meet a data specification based on a random method; the mutation-based method starts from a legal sample, and generates a malformed sample by modifying some data through an algorithm. In the process of generating the test cases, some heuristic generating strategies can often receive better effects. However, the conventional test seed generation method mainly uses manual coding, and has the disadvantages of low efficiency and high difficulty.
Disclosure of Invention
The technical problems to be solved by the invention are as follows: aiming at the problems in the prior art and the urgency of the kernel security analysis of the trusted operating system at present, the invention provides the seed generation method and the seed generation system for the kernel fuzzy test of the trusted operating system, which can effectively improve the kernel fuzzy test efficiency of the trusted operating system, ensure the security and the reliability of the trusted operating system and provide a basis for vulnerability analysis on one hand; on the other hand, the method is beneficial to helping maintainers to discover and repair the vulnerability in time before attackers from the viewpoint of network attack and defense.
In order to solve the technical problems, the invention adopts the technical scheme that:
a seed generation method for trusted operating system kernel fuzz testing, comprising:
1) establishing a dependency graph based on a trusted operating system kernel program W and acquiring an explicit dependency relationship among system calls, wherein the explicit dependency relationship means that a parameter of one system call is a result of another system call; performing control flow analysis based on a system call file L to obtain an implicit dependency relationship between system calls, wherein the implicit dependency relationship refers to a certain shared area of an operating system kernel which is commonly used by the two system calls;
2) and generating and extracting a kernel fuzz test seed of the trusted operating system according to the explicit and implicit dependency relations among the system calls.
Optionally, the step of establishing a dependency graph based on the trusted operating system kernel W in step 1) includes: traversing the system call set of a trusted operating system kernel program W, wherein each traversal of a system call firstly moves the system call into a processed set, then searches an upstream call in a program where the system call is located, finally, the parameters of the system call are selected in a traversal way, if the result of the upstream call or the result thereof is calculated as the current parameter, the upstream call is taken as a result node, the current call is taken as a parameter node and added into a dependency graph, and an edge is established between the two nodes, so that a dependency graph is obtained, wherein the dependency graph is a graph G (V, E) consisting of a finite set of vertices and a set of edges between the vertices, V is the set of vertices in the graph G, E is the set of edges in the graph G, and the vertex set V is divided into a result node and a parameter node which respectively represent the return value and the parameter of the system call, an edge exists between two nodes if the two nodes contain explicit dependencies.
Optionally, the step of obtaining the explicit dependency relationship between the system calls in step 1) includes: for each system call to be detected in the graph G (V, E), firstly, finding a corresponding parameter node in the graph G (V, E), then, searching all result nodes with edges existing with the parameter node, wherein the system call represented by the result nodes is a call with an explicit dependency relationship with the system call to be detected, and finally, obtaining the explicit dependency relationship among all the system calls.
Optionally, the step of performing control flow analysis in step 1) to obtain the implicit dependency relationship between the system calls includes:
1.1) generating an abstract syntax tree for the system call file L through lexical analysis and syntax analysis;
1.2) obtaining the implicit dependency relationship between the system calls based on the abstract syntax tree.
Optionally, step 1.1) comprises:
1.1.1) reading a system call file L, sequentially scanning the system call in the system call file L, and dividing the system call into words, wherein the words are a string of characters which can not be further divided in a source file;
1.1.2) obtaining a word sequence obtained by lexical analysis, judging whether the word sequence is generated according with a system calling grammar defined by a core of a trusted operating system, and generating an abstract syntax tree by all the word sequences generated according with the system calling grammar defined by the core of the trusted operating system.
Optionally, step 1.2) comprises: loading an abstract syntax tree obtained by analyzing system call into a memory, traversing the abstract syntax tree to analyze control flow, and analyzing the control flow through the following rules, wherein when resource dereferencing operation occurs in a conditional expression or a sub-expression thereof and indicates that the position of the expression contains read and write operations, the system call containing the expression is added into an implicit dependency set, and finally an implicit dependency set of which the table contains all implicit dependency relationships is obtained.
Optionally, step 2) comprises:
2.1) generating batch random seeds according to explicit and implicit dependency relations among all system calls;
2.2) sorting the random seeds according to the code coverage rate of the system call;
2.3) selecting the system call with the largest code coverage from the sorted random seeds, if the system call triggers a new code coverage area, recursively searching the system call with the dependency relationship thereof, and the system call with the dependency relationship with the arbitrarily selected system call A comprises: the explicit dependency relationship set u of the system call A and the implicit dependency item called in the explicit dependency relationship set u; implicit dependency of system call A, and explicit dependency upstream of the implicit dependency;
and 2.4) adding the selected system call and the system call which has a dependency relationship with the selected system call into an initial SEED, and taking the initial SEED as a finally generated kernel fuzzy test SEED of the trusted operating system.
Optionally, step 2.4) is followed by a step of storing the valid SEEDs in the initial SEED as a binary file, and the rule stored as the binary file includes: firstly, a binary file stores a seed, the seed can be analyzed into a plurality of system calls, and the arrangement sequence of the system calls is the execution sequence in a kernel; and the second system call comprises a serial number, types of a plurality of parameters and corresponding parameter values.
In addition, the invention also provides a seed generation system for the kernel fuzz test of the trusted operating system, which comprises a microprocessor and a memory which are connected with each other, wherein the microprocessor is programmed or configured to execute the steps of the seed generation method for the kernel fuzz test of the trusted operating system.
Furthermore, the present invention also provides a computer-readable storage medium having stored therein a computer program programmed or configured to execute the seed generation method for kernel fuzz testing of a trusted operating system.
Compared with the prior art, the invention has the following advantages: aiming at the exigency of the security analysis of the kernel of the trusted operating system at present, the method is oriented to the fuzzy test technology, and comprises the steps of establishing a dependency graph based on the kernel program W of the trusted operating system, obtaining an explicit dependency relationship among system calls, and generating and extracting a kernel fuzzy test seed of the trusted operating system according to the explicit and implicit dependency relationships among the system calls; the method can generate the test seeds with low call repetition rate, wide coverage range and high effective proportion, can automatically generate the initial seeds to improve the efficiency of the fuzzy test of the kernel of the trusted operating system, and can provide a basis for vulnerability analysis on one hand; on the other hand, the method is beneficial to helping maintainers to discover and repair the vulnerability in time before attackers from the viewpoint of network attack and defense.
Drawings
FIG. 1 is a schematic diagram of a basic flow of a method according to an embodiment of the present invention.
Fig. 2 is a schematic flow chart of explicit dependency analysis in the embodiment of the present invention.
Fig. 3 is a schematic diagram of a lookup process of explicit dependency relationships in the embodiment of the present invention.
Fig. 4 is a schematic diagram of a lookup process of an implicit dependency relationship in the embodiment of the present invention.
FIG. 5 is a schematic structural diagram of a kernel fuzzing system of a trusted operating system according to the method of the embodiment of the present invention.
Detailed Description
The hardware environment in this embodiment is mainly a PC host. The CPU of the PC host is Intel (R) core (TM) i5-4570, 3.20GHz, the memory is 4GB RAM, 64-bit operating system. The software implementation in this embodiment uses Ubuntu 1604 as a platform, C language development is used, and the control flow analysis tool is latch. The experimental data is OPEE OS, which is an open-source, trusted operating system maintained by Linaro corporation.
As shown in fig. 1, the seed generation method for kernel fuzz testing of a trusted operating system in this embodiment includes:
1) establishing a dependency graph based on a trusted operating system kernel program W and acquiring an explicit dependency relationship among system calls, wherein the explicit dependency relationship means that a parameter of one system call is a result of another system call; performing control flow analysis based on a system call file L to obtain an implicit dependency relationship between system calls, wherein the implicit dependency relationship refers to a certain shared area of an operating system kernel which is commonly used by the two system calls;
2) and generating and extracting a kernel fuzz test seed of the trusted operating system according to the explicit and implicit dependency relations among the system calls.
Fuzz testing generates a large number of input test programs by mutating the initial seeds, and if there are no valid seeds, the performance of fuzz testing can be significantly degraded. To ensure seed validity, dependencies between system calls are preserved. The dependency relationship between the system calls is divided into explicit dependency and implicit dependency, when the parameter of one system call A is the result of another system call B, the explicit dependency relationship exists between the A and the B; when a system call A and a system call B share a certain shared region of an operating system kernel, an implicit dependency relationship exists between the A and the B.
In this embodiment, the system call file L is composed of a system call sequence, the system call is a main interface for interaction between a user mode program and an operating system kernel, and the system call sequence is composed of a plurality of system calls according to an execution sequence thereof. The system call sequence is collected before the dependency relationship is obtained and is used as a basis for analyzing the dependency, the system call sequence is collected by tracking the execution of a real program, and the collected system call sequence is stored as a system call file L and is used as a system call sequence library.
The essence of an explicit dependency is the calling relationship between the parameters and return values of one or more system calls, which can be obtained by the method of building a dependency graph. Referring to FIG. 2, constructing a dependency graph to obtain explicit dependencies involves two parts, dependency graph generation and dependency detection.
In this embodiment, the step of establishing the dependency graph based on the kernel program W of the trusted operating system in step 1) includes: traversing the system call set of a trusted operating system kernel program W, wherein each traversal of a system call firstly moves the system call into a processed set, then searches an upstream call in a program where the system call is located, finally, the parameters of the system call are selected in a traversal way, if the result of the upstream call or the result thereof is calculated as the current parameter, the upstream call is taken as a result node, the current call is taken as a parameter node and added into a dependency graph, and an edge is established between the two nodes, so that a dependency graph is obtained, wherein the dependency graph is a graph G (V, E) consisting of a finite set of vertices and a set of edges between the vertices, V is the set of vertices in the graph G, E is the set of edges in the graph G, and the vertex set V is divided into a result node and a parameter node which respectively represent the return value and the parameter of the system call, an edge exists between two nodes if the two nodes contain explicit dependencies.
In this embodiment, the step of obtaining the explicit dependency relationship between the system calls in step 1) includes: for each system call to be detected in the graph G (V, E), firstly, finding a corresponding parameter node in the graph G (V, E), then, searching all result nodes with edges existing with the parameter node, wherein the system call represented by the result nodes is a call with an explicit dependency relationship with the system call to be detected, and finally, obtaining the explicit dependency relationship among all the system calls.
The system call file L cannot be directly recognized by the memory, and therefore, the system call file L needs to be parsed into a structure that can be recognized by the memory through lexical analysis and syntactic analysis. In this embodiment, the step of performing control flow analysis in step 1) to obtain the implicit dependency relationship between the system calls includes:
1.1) generating an abstract syntax tree for the system call file L through lexical analysis and syntax analysis;
1.2) obtaining the implicit dependency relationship between the system calls based on the abstract syntax tree.
In this embodiment, step 1.1) includes:
1.1.1) reading a system call file L, sequentially scanning the system call in the system call file L, and dividing the system call into words (tokens) which are a string of characters which can not be further divided in a source file;
1.1.2) obtaining a word sequence obtained by lexical analysis, judging whether the word sequence is generated according with a system calling grammar defined by a core of a trusted operating system, and generating an abstract syntax tree by all the word sequences generated according with the system calling grammar defined by the core of the trusted operating system. An abstract syntax tree, i.e., a memory recognizable structure, converts a meaningless byte stream into a data structure definition having a code structure.
In this embodiment, the implicit dependency relationship is detected by using a control flow analysis method, which is a static code analysis technique for confirming a program control flow. In this embodiment, step 1.2) includes: loading an abstract syntax tree obtained by analyzing system call into a memory, traversing the abstract syntax tree to analyze control flow, and analyzing the control flow through the following rules, wherein when resource dereferencing operation occurs in a conditional expression or a sub-expression thereof and indicates that the position of the expression contains read and write operations, the system call containing the expression is added into an implicit dependency set, and finally an implicit dependency set of which the table contains all implicit dependency relationships is obtained.
In this embodiment, step 2) includes:
2.1) generating batch random seeds according to explicit and implicit dependency relations among all system calls;
2.2) sorting the random seeds according to the code coverage rate of the system call;
2.3) selecting the system call with the largest code coverage from the sorted random seeds, if the system call triggers a new code coverage area, recursively searching the system call with the dependency relationship thereof, and the system call with the dependency relationship with the arbitrarily selected system call A comprises: as shown in fig. 3, the explicit dependency set u of the system call a, and the implicit dependency called in the explicit dependency set u; as shown in fig. 4, the implicit dependency of system call a, and the explicit dependency upstream of the implicit dependency; the display search strategy is shown in fig. 3, if an explicit dependency set u of the system call a is obtained, the set u is added to the initial SEED, and implicit dependencies called in u are also added until all the system calls with dependencies are added to the initial SEED; similarly, as shown in fig. 4, when an implicit dependency of a call is found, an explicit dependency upstream of the implicit dependency needs to be added to the initial SEED.
And 2.4) adding the selected system call and the system call which has a dependency relationship with the selected system call into an initial SEED, and taking the initial SEED as a finally generated kernel fuzzy test SEED of the trusted operating system.
In this embodiment, the step 2.4) is followed by a step of storing valid SEEDs in the initial SEED as a binary file, and the rule stored as the binary file includes: firstly, a binary file stores a seed, the seed can be analyzed into a plurality of system calls, and the arrangement sequence of the system calls is the execution sequence in a kernel; and the system call comprises a serial number, types of a plurality of parameters and corresponding parameter values, and the system call comprises 8 parameters at most in the embodiment. A sequence number corresponds to a unique system call and is represented by 32 bits, each parameter type is represented by 4 bits, and each parameter value is represented by 32 bits. A large number of effective seeds can be generated by formulating a seed storage format, taking the dependency relationship of system call as a constraint condition and using a random algorithm. Compared with other file formats, the binary file saves space and has high reading and writing speeds. And 2.2) steps to 2.3) are used for simplifying seeds, namely, deleting calls which do not contribute to the code coverage rate on the premise of ensuring the system call dependency relationship, wherein the aim is to ensure the maximum code coverage and the minimum seed number. To reduce the seed, the system calls first need to be sorted according to their code coverage. Secondly, each time the system call with the largest code coverage is selected, if the system call triggers a new code coverage area, the system call with explicit dependency and implicit dependency existing with the system call is recursively searched, and the calls with the dependency are merged and added into the initial SEED.
In summary, the method of the embodiment can generate the test seeds with low call repetition rate, wide coverage range and high effective proportion, can automatically generate the initial seeds to improve the efficiency of the fuzzy test on the kernel of the trusted operating system, and can provide a basis for vulnerability analysis on one hand; on the other hand, the method is beneficial to helping maintainers to discover and repair the vulnerability in time before attackers from the viewpoint of network attack and defense.
Referring to fig. 5, the method of the present embodiment is used as a test SEED generation module to provide an initial SEED to participate in the kernel fuzziness test of the trusted operating system when the kernel fuzziness test of the trusted operating system is performed. In this embodiment, after step 2), the method further includes the step of performing kernel fuzzy test on the initial SEED:
s1) mutating the SEED to generate more variants based on parameter variation, sequence variation, system call insertion, system call deletion, etc.;
s2) sending the initial SEED SEED and the legal SEED generated by mutation to a fuzzy tester, and adding the received SEED into an execution queue by the fuzzy tester for sequential execution;
s3) the fuzzy tester calls the system in the common world NW, the common application CA firstly calls an interface between the common application CA and the safety application TA, finds out a relative credible drive according to corresponding parameters, and then switches the context contex from the common world NW to the state of the safety world SW through the operation of the monitor SMC under the control of the monitor SMC, thereby realizing the credible operating system Trusted OS entering the safety world SW;
s4), the Trusted operating system (Trusted OS) in the secure world SW can manage the subsequent operation, firstly, corresponding incoming parameters are processed, corresponding secure application (TA) is loaded, and naming (command) parameters call a TEE Internal API (APU inside the Trusted execution environment) to realize the specific operation; while the test is executed, the coverage rate collection module collects the coverage rate range in the kernel and feeds the coverage rate range back to the fuzz tester in real time so as to guide the variation process of the test case.
In addition, the present embodiment also provides a seed generation system for kernel fuzz testing of a trusted operating system, which includes a microprocessor and a memory connected to each other, wherein the microprocessor is programmed or configured to execute the steps of the aforementioned seed generation method for kernel fuzz testing of a trusted operating system.
Furthermore, the present embodiment also provides a computer-readable storage medium, in which a computer program is stored, which is programmed or configured to execute the foregoing seed generation method for the kernel fuzz test of the trusted operating system.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-readable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein. The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks. These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may occur to those skilled in the art without departing from the principle of the invention, and are considered to be within the scope of the invention.
Claims (10)
1. A seed generation method for kernel fuzz testing of a trusted operating system, comprising:
1) establishing a dependency graph based on a trusted operating system kernel program W and acquiring an explicit dependency relationship among system calls, wherein the explicit dependency relationship means that a parameter of one system call is a result of another system call; performing control flow analysis based on a system call file L to obtain an implicit dependency relationship between system calls, wherein the implicit dependency relationship refers to a certain shared area of an operating system kernel which is commonly used by the two system calls;
2) and generating and extracting a kernel fuzz test seed of the trusted operating system according to the explicit and implicit dependency relations among the system calls.
2. The seed generation method for the kernel fuzz test of the trusted operating system according to claim 1, wherein the step of establishing the dependency graph based on the kernel program W of the trusted operating system in the step 1) comprises: traversing the system call set of a trusted operating system kernel program W, wherein each traversal of a system call firstly moves the system call into a processed set, then searches an upstream call in a program where the system call is located, finally, the parameters of the system call are selected in a traversal way, if the result of the upstream call or the result thereof is calculated as the current parameter, the upstream call is taken as a result node, the current call is taken as a parameter node and added into a dependency graph, and an edge is established between the two nodes, so that a dependency graph is obtained, wherein the dependency graph is a graph G (V, E) consisting of a finite set of vertices and a set of edges between the vertices, V is the set of vertices in the graph G, E is the set of edges in the graph G, and the vertex set V is divided into a result node and a parameter node which respectively represent the return value and the parameter of the system call, an edge exists between two nodes if the two nodes contain explicit dependencies.
3. The seed generation method for the kernel fuzz testing of the trusted operating system according to claim 2, wherein the step of obtaining the explicit dependency relationship between the system calls in the step 1) comprises: for each system call to be detected in the graph G (V, E), firstly, finding a corresponding parameter node in the graph G (V, E), then, searching all result nodes with edges existing with the parameter node, wherein the system call represented by the result nodes is a call with an explicit dependency relationship with the system call to be detected, and finally, obtaining the explicit dependency relationship among all the system calls.
4. The seed generation method for the kernel fuzz test of the trusted operating system according to claim 1, wherein the step of performing control flow analysis in step 1) to obtain the implicit dependency relationship between the system calls comprises:
1.1) generating an abstract syntax tree for the system call file L through lexical analysis and syntax analysis;
1.2) obtaining the implicit dependency relationship between the system calls based on the abstract syntax tree.
5. The seed generation method for the kernel fuzz test of the trusted operating system according to claim 4, wherein the step 1.1) comprises:
1.1.1) reading a system call file L, sequentially scanning the system call in the system call file L, and dividing the system call into words, wherein the words are a string of characters which can not be further divided in a source file;
1.1.2) obtaining a word sequence obtained by lexical analysis, judging whether the word sequence is generated according with a system calling grammar defined by a core of a trusted operating system, and generating an abstract syntax tree by all the word sequences generated according with the system calling grammar defined by the core of the trusted operating system.
6. The seed generation method for the kernel fuzz test of the trusted operating system according to claim 5, wherein the step 1.2) comprises: loading an abstract syntax tree obtained by analyzing system call into a memory, traversing the abstract syntax tree to analyze control flow, and analyzing the control flow through the following rules, wherein when resource dereferencing operation occurs in a conditional expression or a sub-expression thereof and indicates that the position of the expression contains read and write operations, the system call containing the expression is added into an implicit dependency set, and finally an implicit dependency set of which the table contains all implicit dependency relationships is obtained.
7. The seed generation method for the kernel fuzz test of the trusted operating system according to claim 1, wherein the step 2) comprises:
2.1) generating batch random seeds according to explicit and implicit dependency relations among all system calls;
2.2) sorting the random seeds according to the code coverage rate of the system call;
2.3) selecting the system call with the largest code coverage from the sorted random seeds, if the system call triggers a new code coverage area, recursively searching the system call with the dependency relationship thereof, and the system call with the dependency relationship with the arbitrarily selected system call A comprises: the explicit dependency relationship set u of the system call A and the implicit dependency item called in the explicit dependency relationship set u; implicit dependency of system call A, and explicit dependency upstream of the implicit dependency;
and 2.4) adding the selected system call and the system call which has a dependency relationship with the selected system call into an initial SEED, and taking the initial SEED as a finally generated kernel fuzzy test SEED of the trusted operating system.
8. The method for SEED generation for kernel fuzzing of trusted operating system according to claim 7, wherein the step 2.4) is followed by a step of storing the valid SEEDs in the initial SEED as a binary file, and the rule stored as the binary file comprises: firstly, a binary file stores a seed, the seed can be analyzed into a plurality of system calls, and the arrangement sequence of the system calls is the execution sequence in a kernel; and the second system call comprises a serial number, types of a plurality of parameters and corresponding parameter values.
9. A seed generation system for kernel fuzz testing of a trusted operating system, comprising a microprocessor and a memory connected to each other, characterized in that the microprocessor is programmed or configured to perform the steps of the seed generation method for kernel fuzz testing of a trusted operating system according to any one of claims 1 to 8.
10. A computer-readable storage medium, wherein a computer program is stored in the computer-readable storage medium, the computer program being programmed or configured to perform the seed generation method for kernel fuzz testing of a trusted operating system according to any of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110749360.1A CN113419960B (en) | 2021-07-01 | 2021-07-01 | Seed generation method and system for kernel fuzzy test of trusted operating system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110749360.1A CN113419960B (en) | 2021-07-01 | 2021-07-01 | Seed generation method and system for kernel fuzzy test of trusted operating system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113419960A true CN113419960A (en) | 2021-09-21 |
| CN113419960B CN113419960B (en) | 2022-06-14 |
Family
ID=77720083
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110749360.1A Active CN113419960B (en) | 2021-07-01 | 2021-07-01 | Seed generation method and system for kernel fuzzy test of trusted operating system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113419960B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114139164A (en) * | 2021-12-01 | 2022-03-04 | 湖南大学 | A Mutation Method for Kernel Fuzzing of Trusted Operating Systems |
| CN114610640A (en) * | 2022-03-23 | 2022-06-10 | 浙江大学 | Fuzzy testing method and system for trusted execution environment of Internet of things |
| CN114840437A (en) * | 2022-05-24 | 2022-08-02 | 中南大学 | Operating system kernel fuzzy test seed evaluation distribution method |
| CN114840856A (en) * | 2022-04-26 | 2022-08-02 | 浙江大学 | A state-aware IoT trusted execution environment fuzz testing method and system |
| CN119336637A (en) * | 2024-10-08 | 2025-01-21 | 中国人民解放军国防科技大学 | A method, device and equipment for fuzz testing of operating system kernel |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101873323A (en) * | 2010-06-21 | 2010-10-27 | 南京邮电大学 | Web Service Platform Based on Program Slicing Technology |
| US20180365139A1 (en) * | 2017-06-15 | 2018-12-20 | Microsoft Technology Licensing, Llc | Machine learning for constrained mutation-based fuzz testing |
| CN109739755A (en) * | 2018-12-27 | 2019-05-10 | 北京理工大学 | A Fuzz Testing System Based on Program Tracing and Hybrid Execution |
| CN110554965A (en) * | 2019-09-05 | 2019-12-10 | 腾讯科技(深圳)有限公司 | automated fuzz testing method, related equipment and computer readable storage medium |
| CN111382067A (en) * | 2020-02-27 | 2020-07-07 | 中国科学院信息工程研究所 | A method and system for generating high-quality seeds in fuzzing testing |
| CN111694746A (en) * | 2020-06-15 | 2020-09-22 | 荆门汇易佳信息科技有限公司 | Flash defect fuzzy evaluation tool for compilation type language AS3 |
| CN111797405A (en) * | 2020-07-01 | 2020-10-20 | 北京华昱卓程软件有限公司 | Sequence-oriented hybrid fuzzy test method and device |
| CN112559367A (en) * | 2020-12-23 | 2021-03-26 | 南京大学 | Kernel fuzzy test case generation method based on system call dependency graph |
| CN112948257A (en) * | 2021-03-23 | 2021-06-11 | 北京鸿腾智能科技有限公司 | Kernel fuzzy test case generation method, device, equipment and storage medium |
-
2021
- 2021-07-01 CN CN202110749360.1A patent/CN113419960B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101873323A (en) * | 2010-06-21 | 2010-10-27 | 南京邮电大学 | Web Service Platform Based on Program Slicing Technology |
| US20180365139A1 (en) * | 2017-06-15 | 2018-12-20 | Microsoft Technology Licensing, Llc | Machine learning for constrained mutation-based fuzz testing |
| CN109739755A (en) * | 2018-12-27 | 2019-05-10 | 北京理工大学 | A Fuzz Testing System Based on Program Tracing and Hybrid Execution |
| CN110554965A (en) * | 2019-09-05 | 2019-12-10 | 腾讯科技(深圳)有限公司 | automated fuzz testing method, related equipment and computer readable storage medium |
| CN111382067A (en) * | 2020-02-27 | 2020-07-07 | 中国科学院信息工程研究所 | A method and system for generating high-quality seeds in fuzzing testing |
| CN111694746A (en) * | 2020-06-15 | 2020-09-22 | 荆门汇易佳信息科技有限公司 | Flash defect fuzzy evaluation tool for compilation type language AS3 |
| CN111797405A (en) * | 2020-07-01 | 2020-10-20 | 北京华昱卓程软件有限公司 | Sequence-oriented hybrid fuzzy test method and device |
| CN112559367A (en) * | 2020-12-23 | 2021-03-26 | 南京大学 | Kernel fuzzy test case generation method based on system call dependency graph |
| CN112948257A (en) * | 2021-03-23 | 2021-06-11 | 北京鸿腾智能科技有限公司 | Kernel fuzzy test case generation method, device, equipment and storage medium |
Non-Patent Citations (3)
| Title |
|---|
| BSAUCE等: "最新顶会fuzz论文分享", 《HTTPS://GITHUB.COM/BSAUCE/SOME-PAPERS-ABOUT-FUZZING》 * |
| DAWUGE: "Moonshine论文阅读", 《HTTPS://DAGUGE.GITHUB.IO/2019/10/09/2019-10-09-MOONSHINE/》 * |
| 董雨良等: "基于重点变异区域智能识别的模糊测试技术", 《计算机技术与发展》 * |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114139164A (en) * | 2021-12-01 | 2022-03-04 | 湖南大学 | A Mutation Method for Kernel Fuzzing of Trusted Operating Systems |
| CN114139164B (en) * | 2021-12-01 | 2024-06-28 | 湖南大学 | Mutation method for kernel fuzzy test of trusted operating system |
| CN114610640A (en) * | 2022-03-23 | 2022-06-10 | 浙江大学 | Fuzzy testing method and system for trusted execution environment of Internet of things |
| CN114610640B (en) * | 2022-03-23 | 2024-08-30 | 浙江大学 | A fuzz testing method and system for trusted execution environment of Internet of Things |
| CN114840856A (en) * | 2022-04-26 | 2022-08-02 | 浙江大学 | A state-aware IoT trusted execution environment fuzz testing method and system |
| CN114840437A (en) * | 2022-05-24 | 2022-08-02 | 中南大学 | Operating system kernel fuzzy test seed evaluation distribution method |
| CN119336637A (en) * | 2024-10-08 | 2025-01-21 | 中国人民解放军国防科技大学 | A method, device and equipment for fuzz testing of operating system kernel |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113419960B (en) | 2022-06-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Sun et al. | Healer: Relation learning guided kernel fuzzing | |
| CN113419960B (en) | Seed generation method and system for kernel fuzzy test of trusted operating system | |
| CN111400724B (en) | Operating system vulnerability detection method, system and media based on code similarity analysis | |
| US20040205411A1 (en) | Method of detecting malicious scripts using code insertion technique | |
| Yu et al. | Patching vulnerabilities with sanitization synthesis | |
| US20120072988A1 (en) | Detection of global metamorphic malware variants using control and data flow analysis | |
| CN101661543A (en) | Method and device for detecting security flaws of software source codes | |
| Yesir et al. | Malware detection and classification using fasttext and bert | |
| US20210334371A1 (en) | Malicious File Detection Technology Based on Random Forest Algorithm | |
| CN113297580A (en) | Code semantic analysis-based electric power information system safety protection method and device | |
| CN104866764B (en) | A kind of Android phone malware detection method based on object reference figure | |
| CN116305131B (en) | Static confusion removing method and system for script | |
| WO2025001089A1 (en) | Vulnerability detection method and related device | |
| CN116720192A (en) | A vulnerability detection method based on hybrid analysis technology for MIPS architecture | |
| CN116881907A (en) | A dynamic and static ANDROID privacy leakage detection method and system based on data flow analysis | |
| US9600644B2 (en) | Method, a computer program and apparatus for analyzing symbols in a computer | |
| Yin et al. | Precise discovery of more taint-style vulnerabilities in embedded firmware | |
| CN113626823B (en) | Method and device for detecting interaction threat among components based on reachability analysis | |
| CN109002716A (en) | Malicious code intrusion detection and prevention method for mobile application | |
| CN116992453A (en) | A method and system for automatically locating vulnerability root causes based on stack hashing | |
| EP3692456A1 (en) | Binary image stack cookie protection | |
| Kargén et al. | Speeding up bug finding using focused fuzzing | |
| Yang et al. | On the Code Vulnerability Detection Based on Deep Learning: A Comparative Study | |
| CN114647845B (en) | A method and device for detecting and identifying malicious sample delay codes | |
| KR102864823B1 (en) | Apparatus for processing cyber threat information, method for processing cyber threat information, and computationally-readable storage medium for storing a program processing cyber threat information |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |