
Article information

  • Title: A Study on Using Code Coverage Information Extracted from Binary to Guide Fuzzing
  • Authors: Miss Baoying Lou; Jia Song
  • Journal: International Journal of Computer Science and Security (IJCSS)
  • Electronic ISSN: 1985-1553
  • Publication year: 2020
  • Volume: 14
  • Issue: 5
  • Pages: 200-209
  • Publisher: Computer Science Journals
  • Abstract: Code coverage is commonly used in software testing because it tells which portion of code has been tested or not. Fuzzing is one of the most popular and powerful solutions to find software vulnerabilities, and code coverage information is used in several fuzzing techniques to guide the testing. A coverage-guided fuzzer is efficient and effective by tracking and utilizing code coverage feedback. In practice, when the source code of a target application is not provided, we have to focus on the binary files and fuzz the executable files. This paper briefly introduces fuzzing techniques and the common code coverage measurement criteria. Then the paper gives a comprehensive review and summary of the ways to gather coverage information, including source code instrumentation, dynamic instrumentation, static instrumentation, emulation, debugger, and hardware feature. Their advantages and disadvantages are discussed. Few studies have been conducted on the techniques by which fuzzers extract code coverage information from binary files and use it to guide fuzzers in the next step. Therefore, this paper also provides a summary of how fuzzers utilize code coverage feedback information and what the strengths and limitations of each of them are.
  • Keywords: Code Coverage; Fuzzing; Software Testing; Binary Analysis; Test Case Generation.