计算机工程与应用 ›› 2008, Vol. 44 ›› Issue (6): 113-116.

• 研发、测试 • 上一篇    下一篇

目标码动态测试框架的设计及实现

魏 强,胡定文,王清贤   

  1. 解放军信息工程大学 网络工程系,郑州 450002
  • 收稿日期:2007-07-11 修回日期:2007-10-29 出版日期:2008-02-21 发布日期:2008-02-21
  • 通讯作者: 魏 强

Design and implementation of object code based dynamic testing framework

WEI Qiang,HU Ding-wen,WANG Qing-xian   

  1. Department of Network Engineering,PLA Information Engineering University,Zhengzhou 450002,China
  • Received:2007-07-11 Revised:2007-10-29 Online:2008-02-21 Published:2008-02-21
  • Contact: WEI Qiang

摘要: 在提出了一种支持多种测试数据构造方式,具有异常监测及自动化分析模块的目标码动态测试框架。并按照该框架实现了对文件格式处理软件的安全性进行测试的原型系统DT,该系统实现了执行参数输入和缺陷注入两种测试方法。为了验证系统的有效性,以MS Office软件近两年来的公开漏洞为例对DT系统进行了测试,实验结果表明这些漏洞都可以通过测试发现。

Abstract: An object code based dynamic testing framework is presented which supports several methods of testing data constructions and has the exception monitoring and automatic analyzing module.Following the framework,the prototype system DT is implemented which can use execution parameter input and fault injection methods to test the security of software that deals with file format.To validate the availability of DT system,it can be tested with the recent years’ opened vulnerabilities of MS office software.The experiment result shows that these vulnerabilities can be found by DT.