引用本文: | 蔡军,邹鹏,杨尚飞,等.软件漏洞分析中的脆弱点定位方法.[J].国防科技大学学报,2015,37(5):141-148.[点击复制] |
CAI Jun,ZOU Peng,YANG Shangfei,et al.Vulnerable spots localization methods for software vulnerability analysis[J].Journal of National University of Defense Technology,2015,37(5):141-148[点击复制] |
|
|
|
本文已被:浏览 9191次 下载 6501次 |
软件漏洞分析中的脆弱点定位方法 |
蔡军1, 邹鹏1, 杨尚飞2, 何骏1 |
(1.装备学院 复杂电子系统仿真实验室, 北京 101416;2.海军装备研究院, 北京 100161)
|
摘要: |
针对二进制程序漏洞成因复杂难以分析的问题,提出运用污点分析的软件脆弱点定位方法,并实现了一个工具原型SwordChecker。以动态污点追踪为基础,依据漏洞模式通过特征匹配来定位软件中的脆弱点,运用二分查找定位影响脆弱点的敏感字节。实验表明,使用SwordChecker能够精确快速识别定位软件中三种类型的脆弱点, 已成功分析了多个已公开漏洞的成因,并已辅助挖掘出几个未公开漏洞。 |
关键词: 污点分析 脆弱点定位 二分查找 |
DOI:10.11887/j.cn.201505022 |
投稿日期:2014-12-31 |
基金项目:国家863计划资助项目(2012AA012902);“核高基”国家科技重大专项基金资助项目(2013ZX01045-004) |
|
Vulnerable spots localization methods for software vulnerability analysis |
CAI Jun1, ZOU Peng1, YANG Shangfei2, HE Jun1 |
(1.Science and Technology on Complex Electronic System Simulation Laboratory, Academy of Equipment, Beijing 101416, China;2. Naval Academy of Armament, Beijing 100161, China)
|
Abstract: |
Aiming at the difficulty in analysis of binary program vulnerabilities, an approach for software vulnerable spots localization based on taint analysis was proposed, and a corresponding tool named SwordChecker was implemented. This method is based on dynamic taint tracing. Software vulnerable spots were localized by character matching according to vulnerability patterns, and sensitive bytes which affected the vulnerable spots were localized by binary-search. Experiment results show that SwordChecker can accurately identify and localize three types of software vulnerable spots fast, has successfully analyzed the causes of multiple open vulnerabilities, and has assisted mining several undisclosed vulnerabilities. |
Keywords: taint analysis vulnerable spots localization binary-search |
|
|
|
|
|