Application Research of Computers (计算机应用研究)

Title: Suspicious vulnerability locating based on taint state space (基于污点状态空间的脆弱性可疑点定位方法)

Authors: SHI Da-wei, SHI Zhi-gang, QIN Xiao-jun (史大伟, 石志刚, 秦晓军)
Affiliation: Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083, China
Article number: 1001-3695(2015)01-0232-04
DOI: 10.3969/j.issn.1001-3695.2015.01.053
Abstract: To address the limited locating effectiveness and weak adaptability of existing methods, this paper proposes a method for locating suspicious vulnerability points based on a taint state space. Within a dynamic taint analysis framework, it models an extended taint state machine, analyses the taint state transitions that occur as each instruction executes by replaying an offline trace file, and defines several classes of unsafe transition rules that detect and locate suspicious vulnerability points. A prototype system was built and tested on many samples; the results show that the method locates several classes of suspicious vulnerability points fairly completely and quickly without the vulnerability having to be triggered.
Keywords: taint state space; suspicious vulnerability point; dynamic taint analysis; state transition
Funding: National "863" Program project (2012AA7111043)
Article URL: http://www.arocmag.com/article/01-2015-01-053.html
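To make the mechanism described in the abstract concrete, the following is an added example written for this page; it is not the authors' prototype and the paper's actual state machine and rules are not reproduced here. It replays the text of an offline trace file in a small assumed IR, tracks the taint state of registers and memory cells (the tracer is assumed to record the concrete address of every memory operand), logs each clean/tainted state transition, and reports an unsafe transition whenever a tainted value is consumed as a memory address, a copy length or a control-flow target. The IR, the three rule names R1 to R3, and the trace itself are all constructed assumptions; note that record 8 is a negative case, and that nothing in the trace ever crashes, which is the "not triggering the vulnerability" condition the abstract refers to.

```python
# Added example (not the paper's code): replay a constructed instruction trace in a tiny
# assumed IR, track the taint state of registers and memory, record each clean/tainted
# state transition and flag unsafe transitions. IR, trace and rules are assumptions.
import re
from dataclasses import dataclass

MEM_RE = re.compile(r"^\[(\w+)=(0x[0-9a-fA-F]+)\]$")   # "[r9=0x1000]": base register + concrete address

# Operand roles in which consuming a *tainted* value is an unsafe transition (assumed rules):
UNSAFE_USES = {"address": "R1",   # tainted value dereferenced as a memory address
               "length": "R2",    # tainted value used as a copy length
               "target": "R3"}    # tainted value used as a control-flow target

@dataclass
class Finding:
    index: int          # 1-based trace record number
    rule: str           # R1 / R2 / R3
    insn: str           # the trace record that performed the unsafe transition
    sources: frozenset  # taint labels that reached the operand

def parse_operand(tok):
    """('reg', name) or ('mem', base_register, concrete_address)."""
    m = MEM_RE.match(tok)
    return ("mem", m.group(1), int(m.group(2), 16)) if m else ("reg", tok)

def parse_line(line):
    """'load r5 <- [r4=0x2040] # c' -> ('load', [('reg','r5'), ('mem','r4',0x2040)]); None if empty."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    op, _, rest = line.partition(" ")
    toks = [t.strip() for t in rest.replace("<-", ",").split(",") if t.strip()]
    return op, [parse_operand(t) for t in toks]

class TaintStateMachine:
    def __init__(self):
        self.reg, self.mem = {}, {}   # register / concrete address -> frozenset of taint labels
        self.transitions = []         # (index, location, state_before, state_after)
        self.findings = []

    def _get(self, operand):
        return (self.reg.get(operand[1]) if operand[0] == "reg"
                else self.mem.get(operand[2])) or frozenset()

    def _set(self, index, operand, taint):
        table, key = (self.reg, operand[1]) if operand[0] == "reg" else (self.mem, operand[2])
        before, after = ("tainted" if table.get(key) else "clean"), ("tainted" if taint else "clean")
        if before != after:   # a move in the taint state space worth recording
            self.transitions.append((index, key if isinstance(key, str) else f"mem[{key:#x}]", before, after))
        table[key] = frozenset(taint)

    def _use(self, index, insn, operand, role):
        taint = self._get(operand)
        if taint and role in UNSAFE_USES:
            self.findings.append(Finding(index, UNSAFE_USES[role], insn, taint))

    def _addr_use(self, index, insn, operand):
        if operand[0] == "mem":   # the base register of a memory operand is consumed as an address
            self._use(index, insn, ("reg", operand[1]), "address")

    def step(self, index, op, ops, insn):
        if op == "input":                # taint source; the label is supplied by the tracer
            self._set(index, ops[0], {ops[1][1]})
        elif op == "mov":
            self._set(index, ops[0], self._get(ops[1]))
        elif op == "add":
            self._set(index, ops[0], self._get(ops[1]) | self._get(ops[2]))
        elif op in ("load", "store"):    # load dst <- [p=addr]  /  store [p=addr] <- src
            self._addr_use(index, insn, ops[1] if op == "load" else ops[0])
            self._set(index, ops[0], self._get(ops[1]))
        elif op == "memcpy":             # memcpy [d=addr] <- [s=addr], len_reg
            self._addr_use(index, insn, ops[0])
            self._addr_use(index, insn, ops[1])
            self._use(index, insn, ops[2], "length")
            self._set(index, ops[0], self._get(ops[1]))   # first cell only (simplification)
        elif op in ("jmp", "call"):
            self._use(index, insn, ops[0], "target")
        else:
            raise ValueError(f"record {index}: unknown op {op!r}")

def analyze(trace_text):
    """Replay the text of an offline trace file; return the machine with its transitions and findings."""
    tsm, index = TaintStateMachine(), 0
    for raw in trace_text.splitlines():
        parsed = parse_line(raw)
        if parsed:
            index += 1
            tsm.step(index, *parsed, insn=raw.split("#", 1)[0].strip())
    return tsm

# Constructed trace (not from a real program); no vulnerability is actually triggered.
TRACE = """
input   r1 <- net                        # 1: byte from an untrusted network read (taint source)
mov     r2 <- r1                         # 2
store   [r9=0x1000] <- r2                # 3: tainted byte written to memory
load    r3 <- [r9=0x1000]                # 4: read back, r3 becomes tainted via memory
add     r4 <- r3, r8                     # 5: tainted + clean -> tainted
load    r5 <- [r4=0x2040]                # 6: R1, tainted pointer dereference
memcpy  [r6=0x3000] <- [r7=0x4000], r3   # 7: R2, tainted copy length
jmp     r5                               # 8: r5 holds clean memory contents, no finding
mov     r10 <- r1                        # 9
jmp     r10                              # 10: R3, tainted control-flow target
"""

if __name__ == "__main__":
    for f in analyze(TRACE).findings:
        print(f"record {f.index}: {f.rule} on '{f.insn}' (sources {sorted(f.sources)})")
```

Running the block reports records 6, 7 and 10 as suspicious points and leaves record 8 alone, since the value loaded through the tainted pointer came from clean memory. The check is conservative by design: it flags the first instruction at which a tainted value reaches a sensitive role, so a practitioner still has to confirm each finding against the binary, and the single-cell treatment of `memcpy` would need replacing with a length-aware model before use on real traces.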
Received: 2013/12/19
Revised: 2014/1/30
Pages: 232-235, 242
CLC number: TP309.2
Document code: A