|
|||||
|
|
| 基于二进制动态插装程序执行路径追踪 | |
| 引用本文: | 常达,李舟军,杨天放,忽朝俭. 基于二进制动态插装程序执行路径追踪[J]. 信息安全与技术, 2011, 0(9): 41-46 |
| 作者姓名: | 常达 李舟军 杨天放 忽朝俭 |
| 作者单位: | 北京航空航天大学计算机学院,北京100191 |
| 摘 要: | 系统平台、编译器以及编译选项的差异,都可能会导致程序的源代码和编译得到的可执行代码之间存在语义差异,仅对源代码进行分析可能会遗漏隐藏在可执行代码里的漏洞。即使在源代码分析中验证了所需要的安全性质,也无法保证不违反可执行代码中的安全性质。本文基于一个二进制动态插装框架,设计并实现了一种对程序执行路径进行追踪的原型系统。实验证明,本系统在准确追踪执行路径的同时,能够过滤掉90%~99%的次要指令,极大提高了分析效率。最后,本文对其他的技术方案、现有原型系统的不足以及未来的工作进行了讨论。 |
| 关 键 词: | 可执行程序 路径追踪 动态插装 全系统虚拟机 |
Program Execution Tracer based on Dynamic Binary Instrumentation |
|
| Chang Da Li Zhou-jun Yang Tian-fang Hu Chao-jian. Program Execution Tracer based on Dynamic Binary Instrumentation[J]. Information Security and Technology, 2011, 0(9): 41-46 | |
| Authors: | Chang Da Li Zhou-jun Yang Tian-fang Hu Chao-jian |
| Affiliation: | Chang Da Li Zhou-jun Yang Tian-fang Hu Chao-jian(Computer Science and Engineering School Beihang University Beijing 100191) |
| Abstract: | The differences of system platform,compiler and compilation options are likely to lead semantic differences between source code and executable code,only source code analysis may omit vulnerabilities hidden in executable code.Even source code analysis has verified the nature of the need for security,but yet it can not assure the security nature in the executable code are satisfied not contrary to.This paper designed and implemented a program execution tracer based on dynamic binary instrumentation.The results show our prototype tool can accurately trace in the execution path,and be able to filter out 90% to 99% secondary instructions.At last,this paper discussed other technical solutions,the shortcoming of current prototype tool and the future work. |
| Keywords: | executable tracer dynamic instrumentation whole-system virtual machine |
| 本文献已被 CNKI 维普 等数据库收录! | |