As software security problems grow more serious, smart fuzzing is widely applied to vulnerability discovery and software security, and a variety of smart fuzzing platforms based on symbolic execution and taint analysis have emerged. Against the background of the software vulnerability problem and software testing methodology, this paper first introduces the theory used in smart fuzzing, including symbolic execution and taint analysis; it then surveys existing mature smart fuzzing platforms, including SAGE, KLEE and BitBlaze, and identifies their main outstanding problems; finally, by summarizing where smart fuzzing platforms can be improved, it proposes a design for a more effective smart fuzzing platform, based on whole-system symbolic execution and scheduled on a cloud computing platform, that can be applied effectively to fuzzing commercial-grade software.
As the problem of software vulnerabilities becomes increasingly serious, smart fuzzing is widely applied in the fields of vulnerability discovery and software security, and smart fuzzing frameworks based on symbolic execution and taint analysis have been developed. Against the background of the software vulnerability problem and software testing methodology, this paper describes the theory underlying smart fuzzing (symbolic execution and taint analysis) and surveys released smart fuzzing frameworks (SAGE, KLEE and BitBlaze), including their bottlenecks. Finally, it proposes a blueprint for a smart fuzzing framework based on whole-system symbolic execution scheduled on a cloud computing infrastructure, which can serve as a practical platform for fuzzing COTS software.