| 一种基于fuzzing技术的漏洞发掘新思路* |
| |
| 引用本文: | 邵林,张小松,苏恩标. 一种基于fuzzing技术的漏洞发掘新思路*[J]. 计算机应用研究, 2009, 26(3): 1086-1088 |
| |
| 作者姓名: | 邵林 张小松 苏恩标 |
| |
| 作者单位: | 电子科技大学,计算机科学与工程学院,成都,610054 |
| |
| 基金项目: | 国家自然科学基金资助项目(60673142) |
| |
| 摘 要: | 目前检测软件缓冲区溢出漏洞仅局限于手工分析、二进制补丁比较及fuzzing技术等,这些技术要么对人工分析依赖程度高,要么盲目性太大,致使漏洞发掘效率极为低下。结合fuzzing技术、数据流动态分析技术以及异常自动分析技术等,提出一种新的缓冲区溢出漏洞发掘思路。新思路克服了已有缓冲区溢出漏洞发掘技术的缺点,能有效发掘网络服务器软件中潜在的未知安全漏洞(0day),提高了缓冲区溢出漏洞发掘效率和自动化程度。
|
| 关 键 词: | 自动化 缓冲区溢出 黑盒测试 安全漏洞 漏洞发掘 |
New method of software vulnerability detection based on fuzzing |
| |
| SHAO Lin,ZHANG Xiao-song,SU En-biao. New method of software vulnerability detection based on fuzzing[J]. Application Research of Computers, 2009, 26(3): 1086-1088 |
| |
| Authors: | SHAO Lin ZHANG Xiao-song SU En-biao |
| |
| Affiliation: | (School of Computer Application Technology, Technology University of Electronic Science & Technology of China, Chengdu 610054, China) |
| |
| Abstract: | The techniques of buffer overflow vulnerabilities detection was single and limited to manual analysis, binary-patch comparison, fuzzing and so on. These techniques of vulnerabilities detection were either too dependent on manual analysis or too blind, leading up to the low efficiency of vulnerabilities detection. Introduced a new method of buffer overflow vulnerabilities detection, which was based on fuzzing, data-flow dynamic analysis and automated exception analysis. Overcame the disadvantages of old techniques, this new method effectively improves the detection of potential unknown security vulnerabilities (0day) in software. Besides, this method is more automated and performs better in finding new security vulnerabilities. |
| |
| Keywords: | automation buffer overflow fuzzing security vulnerability vulnerability detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
|
