Computer Engineering and Applications ›› 2008, Vol. 44 ›› Issue (6): 113-116.
• 研发、测试 • Previous Articles Next Articles
WEI Qiang,HU Ding-wen,WANG Qing-xian
Received:
Revised:
Online:
Published:
Contact:
魏 强,胡定文,王清贤
通讯作者:
Abstract: An object code based dynamic testing framework is presented which supports several methods of testing data constructions and has the exception monitoring and automatic analyzing module.Following the framework,the prototype system DT is implemented which can use execution parameter input and fault injection methods to test the security of software that deals with file format.To validate the availability of DT system,it can be tested with the recent years’ opened vulnerabilities of MS office software.The experiment result shows that these vulnerabilities can be found by DT.
摘要: 在提出了一种支持多种测试数据构造方式,具有异常监测及自动化分析模块的目标码动态测试框架。并按照该框架实现了对文件格式处理软件的安全性进行测试的原型系统DT,该系统实现了执行参数输入和缺陷注入两种测试方法。为了验证系统的有效性,以MS Office软件近两年来的公开漏洞为例对DT系统进行了测试,实验结果表明这些漏洞都可以通过测试发现。
WEI Qiang,HU Ding-wen,WANG Qing-xian. Design and implementation of object code based dynamic testing framework[J]. Computer Engineering and Applications, 2008, 44(6): 113-116.
魏 强,胡定文,王清贤. 目标码动态测试框架的设计及实现[J]. 计算机工程与应用, 2008, 44(6): 113-116.
0 / Recommend
Add to citation manager EndNote|Ris|BibTeX
URL: http://cea.ceaj.org/EN/
http://cea.ceaj.org/EN/Y2008/V44/I6/113