| 一种基于污点分析的文件型软件漏洞发现方法 |
| |
| 引用本文: | 刘智,张小松. 一种基于污点分析的文件型软件漏洞发现方法[J]. 小型微型计算机系统, 2012, 33(1): 42-48 |
| |
| 作者姓名: | 刘智 张小松 |
| |
| 作者单位: | 电子科技大学计算机科学与工程学院,成都,611731 |
| |
| 基金项目: | 保密通信国防科技重点实验室基金项目(9140C1104020903)资助 |
| |
| 摘 要: | 基于黑盒测试思想的Fuzzing是漏洞分析的主要方法,但效率较低且不能分析未知格式.基于污点分析,提出一种针对文件型软件的漏洞发现新方法.利用污点分析寻找输入中能导致执行流到达脆弱点的字节,再改变这些字节产生新输入;同时根据污点信息产生特征码.利用插桩工具实现了原型系统,对三个真实漏洞进行了测试.实验结果表明该方法能有效发现漏洞,生成的测试用例远小于Fuzzing,且不依赖输入格式;特征码的误报率漏报率均较低.
|
| 关 键 词: | 漏洞 污点分析 插桩 依赖性分析 特征码 |
New Approach of Vulnerability Finding for File-reading Applications Based on Taint Analysis |
| |
| LIU Zhi , ZHANG Xiao-song. New Approach of Vulnerability Finding for File-reading Applications Based on Taint Analysis[J]. Mini-micro Systems, 2012, 33(1): 42-48 |
| |
| Authors: | LIU Zhi ZHANG Xiao-song |
| |
| Affiliation: | (Department of Computer Science & Engineering,University of Electronic Science and Technology of China,Chengdu 611731,China) |
| |
| Abstract: | Black-box based fuzzing is the major technique of discovering vulnerability,but it is quite ineffective and cannot analyze unknown input formats.Using taint analysis,we propose a new method of discovering vulnerability targeted at file-reading applications.It locates bytes in input that direct execution to vulnerable points,which will be mutated to generate new test cases;signatures are generated via vulnerability information.We implemented a proof-of-concept system with instrumentation tools and evaluated three real-world vulnerabilities.Experiment results show our approach is able to effectively find vulnerabilities with much fewer test cases,being independent of input formats,and signatures have low false positives and false negatives. |
| |
| Keywords: | vulnerability taint analysis instrumentation dependency analysis signature |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
