| 基于污点指针的二进制代码缺陷检测 |
| |
| 引用本文: | 刘杰,王嘉捷,欧阳永基,王清贤.基于污点指针的二进制代码缺陷检测[J].计算机工程,2012,38(24):46-49. |
| |
| 作者姓名: | 刘杰 王嘉捷 欧阳永基 王清贤 |
| |
| 作者单位: | 1. 国家数字交换系统工程技术研究中心,郑州,450002
2. 中国信息安全测评中心,北京,100085 |
| |
| 基金项目: | 国家"863"计划基金资助项目 |
| |
| 摘 要: | 污点指针严重影响二进制代码数据流和控制流的安全。为此,提出一种二进制代码缺陷检测方法。引入指针污点传播规则,结合路径约束条件和边界约束条件得到缺陷引发条件,构造能够引发4类污点指针代码缺陷的输入数据。在Linux系统下实现ELF二进制代码缺陷检测工具,测试结果表明,该方法能降低测试用例生成数量,并发现Linux系统工具的1个虚函数调用控制缺陷和2个指针内存破坏缺陷。
|
| 关 键 词: | 污点指针 污点传播 符号执行 边界条件 缺陷检测 内存破坏 |
| 收稿时间: | 2012-03-15 |
| 修稿时间: | 2012-04-21 |
Binary Code Defect Detection Based on Taint Pointer |
| |
| LIU Jie
,
WANG Jia-jie
,
OUYANG Yong-ji
,
WANG Qing-xian.Binary Code Defect Detection Based on Taint Pointer[J].Computer Engineering,2012,38(24):46-49. |
| |
| Authors: | LIU Jie WANG Jia-jie OUYANG Yong-ji WANG Qing-xian |
| |
| Affiliation: | (1. National Digital Switching System Engineering & Technological R&D Center, Zhengzhou 450002, China; 2. China Information Technology Security Evaluation Center, Beijing 100085, China) |
| |
| Abstract: | Taint pointers are serious threats to the security of data flow and control flow. A method for binary defect detection is proposed, which is based on dynamic taint propagation, dynamic symbolic execution and bound constraint analysis, including introduction of the pointer propagation rules, generation of trigger condition by combing path constraints with bound constraints. It can generate inputs for four types of code defects caused by taint pointer. Test results show that this method reduces the number of test case generation effectively, and a virtual function call hijack and two pointer memory corruption defects are found in the test of Linux system tools. |
| |
| Keywords: | taint pointer taint propagation symbolic execution bound condition defect detection memory corruption |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
|
