Computer Engineering and Applications, 2019, Vol. 55, Issue (18): 236-240. DOI: 10.3778/j.issn.1002-8331.1805-0472
ZHANG Wanying, CAO Xiaomei
张婉莹,曹晓梅
Abstract: To address the weak vulnerability-triggering ability of whitebox fuzzing, a Whitebox Fuzzing Based on Taint Analysis (WFBTA) scheme is proposed. For each vulnerability type, the scheme identifies the corresponding dangerous operations and derives vulnerability-related constraints. These are combined with the path constraints and passed to a constraint solver, which generates test cases with high coverage and strong vulnerability-triggering capability. Experimental results show that, compared with the original whitebox fuzzing method, the WFBTA scheme has stronger vulnerability discovery ability and lower false negative and false positive rates, while the average time overhead increases by only 1.31%.
Key words: vulnerability detection, fuzz testing, symbolic execution, taint analysis
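The abstract's central idea in miniature, as an added example that is not the paper's code: a constructed target program modelled as data, forward taint propagation from the two input bytes, a buffer-overflow rule that turns a tainted memcpy length into a vulnerability-related constraint, and a brute-force search over a small input domain standing in for the constraint solver. All names (BUF_SIZE, ASSIGN, EXPR, SINKS, the target itself) are this example's own assumptions.

```python
from itertools import product
BUF_SIZE = 16                     # constructed: size of the destination buffer
INPUTS = {"x", "y"}               # taint sources: the two input bytes

# Constructed target program, modelled as data:
#   n = y * 2 + 1                 # computed from input -> tainted
#   k = 7                         # constant            -> untainted
#   if x > 8 and n != 0:          # path constraints guarding the sinks
#       memcpy(buf, src, n)       # dangerous op, tainted length operand
#       memcpy(buf2, src, k)      # dangerous op, untainted length operand
ASSIGN = {"n": {"y"}, "k": set()}                  # variable -> variables it is computed from
EXPR = {"n": lambda e: e["y"] * 2 + 1, "k": lambda e: 7}
PATH = [lambda e: e["x"] > 8, lambda e: EXPR["n"](e) != 0]
SINKS = [("memcpy", "n"), ("memcpy", "k")]         # (dangerous operation, length operand)
def tainted_vars():
    """Forward taint propagation from the inputs through ASSIGN to a fixpoint."""
    t, changed = set(INPUTS), True
    while changed:
        changed = False
        for var, deps in ASSIGN.items():
            if var not in t and deps & t:
                t.add(var)
                changed = True
    return t

def vuln_constraints():
    """Buffer-overflow rule: a tainted memcpy length must exceed the buffer size.
    A sink whose length is untainted is not input-controlled and yields no constraint."""
    t = tainted_vars()
    return [lambda e, v=v: EXPR[v](e) > BUF_SIZE
            for op, v in SINKS if op == "memcpy" and v in t]

def solve(constraints, domain=range(64)):
    """Stand-in for the constraint solver: first input satisfying every constraint."""
    for x, y in product(domain, repeat=2):
        env = {"x": x, "y": y}
        if all(c(env) for c in constraints):
            return env
    return None

def run_target(env):
    """Concrete-execution oracle for the constructed target."""
    if not (env["x"] > 8 and EXPR["n"](env) != 0):
        return "sink not reached"
    return "overflow" if EXPR["n"](env) > BUF_SIZE else "reached, no overflow"

def whitebox_case():   # original scheme: path constraints only -> reaches the sink
    return solve(PATH)
def wfbta_case():      # WFBTA: path + vulnerability constraints -> triggers the overflow
    return solve(PATH + vuln_constraints())
```

Running both cases through `run_target` shows the difference the abstract claims: the path-only input reaches the memcpy without overflowing, while the WFBTA input overflows it.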
ZHANG Wanying, CAO Xiaomei. Whitebox Fuzzing Test Based on Taint Analysis Scheme[J]. Computer Engineering and Applications, 2019, 55(18): 236-240.
张婉莹,曹晓梅. 基于污点分析的白盒模糊测试方案[J]. 计算机工程与应用, 2019, 55(18): 236-240.
URL: http://cea.ceaj.org/EN/10.3778/j.issn.1002-8331.1805-0472
http://cea.ceaj.org/EN/Y2019/V55/I18/236