
Research on Vulnerability Discovery Techniques for Binary Applications (二进制应用程序漏洞挖掘技术研究)

Research on Binary-Code-Oriented Vulnerability Detection

【Author】 康凯

【Advisor】 崔宝江

【Author information】 北京邮电大学 (Beijing University of Posts and Telecommunications), Information Security, 2013, Master's degree

【Abstract (translated from the Chinese)】 With the development of information technology, computer software plays a key role in fields such as the economy, medicine and national defense. In this situation, software security, as a basic property of information systems, has become an issue affecting the national economy and people's livelihoods. In recent years, although major software vendors have actively adopted a "Security Development Lifecycle" during product development, and developers' awareness of secure coding has improved markedly compared with earlier years, the steadily growing complexity and volume of code mean that vulnerabilities cannot be eliminated completely. This inevitably gives attackers an opening: "Advanced Persistent Threat" attacks launched by exploiting software vulnerabilities occur one after another and pose a severe threat to network security. Discovering software vulnerabilities early and patching them promptly helps protect the personal information of Internet users and safeguards national security. Software vulnerability discovery has therefore become one of the most closely followed topics in security research. Depending on the object of study, vulnerability discovery techniques fall into two classes: source-level detection for open-source software, and binary-level detection for closed-source software. Most software vendors do not open their products' source code to the development and security research communities, in order to protect their commercial interests and intellectual property; moreover, during compilation, improper compiler optimizations may produce binary code containing security defects. For these reasons, binary-oriented vulnerability discovery is the mainstream research direction. Compared with source-level vulnerability detection, binary-level detection faces the following difficulties: (1) Lack of information. Although a binary can be disassembled into assembly code, variable type information, data structure information and program semantics are still missing; indirect jumps and pointer aliasing in particular pose great challenges to binary-level vulnerability detection. (2) Complexity of x86 instructions. The x86 instruction set has many instruction types, different instructions take different numbers of operands, and a single instruction often affects several operands at once, which reduces the precision of binary-level program analysis. Around the topic of binary application vulnerability discovery, this thesis studies the following problems in depth: (1) plugin development for the binary dynamic instrumentation platform PIN; (2) PIN-based optimization of fuzzing test-case sets; (3) XML-based formal description of vulnerability patterns; (4) offline fine-grained taint analysis; (5) the design of a taint-analysis-based intelligent fuzzing system.

【Abstract】 Along with the development of information technology, software plays an important role in many areas such as the economy, medicine and national defense. In such a case, security, which is the basic property of an information system, has an effect on national welfare and people's livelihood. In recent years, although many software vendors have actively adopted the Security Development Lifecycle proposed by Microsoft, and more and more programmers have developed a sense of secure coding, software's complexity and amount of code essentially determine that vulnerabilities cannot be completely eliminated from software. There is no doubt that this gives attackers opportunities; networks face severe threats due to Advanced Persistent Threats launched by exploiting software vulnerabilities. Discovering vulnerabilities as early as possible and patching them in time will enhance not only personal information security but also national security. So the technology of bug hunting is one of the most interesting themes in the field of security research. Vulnerability discovery technology can be classified into two kinds: source-code-oriented vulnerability detection and binary-code-oriented vulnerability detection. Many software vendors do not release their products with source code, for reasons of commercial interest and intellectual property; and in the process of compiling, in case of a compiler's improper optimization, defective binary code will be generated. Because of the above reasons, binary-code-oriented detection is the mainstream method. Compared with source-code-oriented vulnerability detection, binary-code-oriented vulnerability detection is faced with the following challenges. Lack of information: although assembly code can be acquired by disassembling the binary file, information such as variable data types, data structures, syntax and semantics is still missing; especially, indirect jumps and pointer aliases make binary code analysis tougher. The complexity of the x86 instruction set: there are various types of instruction in the x86 instruction set, and different instructions have different numbers of operands; what's more, a single instruction usually has an effect on multiple operands. This dissertation focuses on binary-executable-oriented vulnerability detection techniques and makes an in-depth study of the following issues: (1) the development technique of the binary instrumentation framework PIN's plugins; (2) the technique of optimizing fuzzing test-case sets based on PIN; (3) the formal description of vulnerability patterns based on XML; (4) offline fine-grained taint analysis technique; (5) the design and implementation.
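The abstract names two things that a binary-level analysis has to cope with: a single x86 instruction often affects several operands at once (implicit `edx:eax` in `mul`, the stack store plus `esp` change in `push`), and sub-registers alias parts of a full register, which is why the thesis's taint analysis is byte-granular and offline. The following example, written for this page and not taken from the thesis or from the PIN project, shows what such an offline pass looks like over a recorded trace. It assumes a constructed trace format in which an instrumentation tool has already resolved mnemonics, operands and effective addresses; the register set, the instruction subset, the buffer address and the trace itself are all constructed for the example. Python is used because the offline stage consumes a saved trace and does not need to run inside the instrumented process.

```python
"""Offline, byte-granular taint propagation over a recorded x86 instruction trace.

Constructed for this example: the trace format stands in for what a PIN-style
instrumentation tool could log at run time (mnemonic, operands, resolved
effective addresses). Nothing here is the thesis's own tool or trace format.
"""
from typing import Dict, List, Set

GPRS = ("eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp")

# Sub-register aliasing on 32-bit x86: name -> (full register, byte offset, width).
# Tracking taint per byte keeps "mov al, [buf]" from tainting all four bytes of eax.
REG_ALIAS = {r: (r, 0, 4) for r in GPRS}
for full, p in (("eax", "a"), ("ebx", "b"), ("ecx", "c"), ("edx", "d")):
    REG_ALIAS[p + "x"], REG_ALIAS[p + "l"], REG_ALIAS[p + "h"] = (full, 0, 2), (full, 0, 1), (full, 1, 1)


class TaintState:
    """Every register/memory byte maps to the set of input offsets it depends on."""

    def __init__(self) -> None:
        self.regs: Dict[str, List[Set[int]]] = {r: [set() for _ in range(4)] for r in GPRS}
        self.mem: Dict[int, Set[int]] = {}
        self.findings: List[str] = []

    def mark_input(self, addr: int, length: int) -> None:
        """Taint source: a buffer filled from untrusted input; byte i is labelled with offset i."""
        for i in range(length):
            self.mem[addr + i] = {i}

    def read(self, op: dict) -> List[Set[int]]:
        if op["type"] == "imm":
            return [set() for _ in range(op.get("size", 4))]
        if op["type"] == "reg":
            full, off, width = REG_ALIAS[op["name"]]
            return [set(b) for b in self.regs[full][off:off + width]]
        base = op.get("base")  # memory operand: the address itself is a sink to check
        if base and any(self.regs[REG_ALIAS[base][0]]):
            self.findings.append(f"tainted address via {base} at {op['addr']:#x}")
        return [set(self.mem.get(op["addr"] + i, set())) for i in range(op["size"])]

    def write(self, op: dict, taint: List[Set[int]]) -> None:
        if op["type"] == "reg":
            full, off, width = REG_ALIAS[op["name"]]
            for i in range(width):  # only the addressed bytes change; the rest of the register keeps its taint
                self.regs[full][off + i] = set(taint[i])
        else:
            for i in range(op["size"]):
                self.mem[op["addr"] + i] = set(taint[i])

    def step(self, rec: dict) -> None:
        """Propagation rules for a small x86 subset, including implicit operands."""
        ins, dst, src = rec["ins"], rec.get("dst"), rec.get("src")
        if ins == "mov":
            self.write(dst, self.read(src))
        elif ins == "movzx":  # zero-extended upper bytes are constants, hence untainted
            low = self.read(src)
            self.write(dst, low + [set() for _ in range(REG_ALIAS[dst["name"]][2] - len(low))])
        elif ins in ("add", "sub", "or", "and", "xor"):
            if ins == "xor" and dst == src:  # "xor reg, reg" zeroes the register: taint is cleared
                self.write(dst, [set() for _ in self.read(dst)])
            else:
                self.write(dst, [a | b for a, b in zip(self.read(dst), self.read(src))])
        elif ins == "lea":  # address arithmetic only: no memory access, so no address-sink check
            full = REG_ALIAS[src["base"]][0]
            self.write(dst, [set().union(*self.regs[full]) for _ in range(4)])
        elif ins == "mul":  # implicit operands: edx:eax = eax * src; both outputs depend on both inputs
            inp = set().union(*self.read({"type": "reg", "name": "eax"}), *self.read(src))
            for r in ("eax", "edx"):
                self.write({"type": "reg", "name": r}, [set(inp) for _ in range(4)])
        elif ins == "push":  # the data-flow effect is a 4-byte store to the slot the tool recorded
            self.write({"type": "mem", "addr": rec["addr"], "size": 4}, self.read(src))
        elif ins == "pop":
            self.write(dst, self.read({"type": "mem", "addr": rec["addr"], "size": 4}))
        elif ins in ("jmp", "call"):  # control-flow sink: target derived from input
            tgt = rec["target"]
            if tgt["type"] != "imm" and any(self.read(tgt)):
                self.findings.append(f"tainted control-flow target in {ins} via {tgt.get('name')}")
        else:
            raise NotImplementedError(ins)


def reg(n: str) -> dict:
    return {"type": "reg", "name": n}


def mem(addr: int, size: int, base: str = None) -> dict:
    return {"type": "mem", "addr": addr, "size": size, "base": base}


INPUT_BUF = 0x5000  # constructed: 8 input bytes were read into this buffer
SAMPLE_TRACE = [  # constructed trace; effective addresses already resolved by the tracer
    {"ins": "mov", "dst": reg("eax"), "src": mem(INPUT_BUF, 4)},
    {"ins": "movzx", "dst": reg("ecx"), "src": mem(INPUT_BUF + 4, 1)},
    {"ins": "mul", "src": reg("ecx")},                                  # edx:eax depend on bytes 0..4
    {"ins": "push", "src": reg("eax"), "addr": 0xBFFF0},
    {"ins": "xor", "dst": reg("edx"), "src": reg("edx")},               # clears edx
    {"ins": "pop", "dst": reg("ebx"), "addr": 0xBFFF0},
    {"ins": "mov", "dst": reg("esi"), "src": mem(0x6000, 4, base="ebx")},  # index comes from input
    {"ins": "lea", "dst": reg("edi"), "src": mem(0x2008, 4, base="edx")},
    {"ins": "call", "target": reg("edi")},                              # clean target, no finding
    {"ins": "mov", "dst": reg("al"), "src": mem(INPUT_BUF + 5, 1)},     # taints only byte 0 of eax
    {"ins": "jmp", "target": reg("eax")},                               # tainted target
]


def analyze(trace: List[dict], input_addr: int, input_len: int) -> TaintState:
    st = TaintState()
    st.mark_input(input_addr, input_len)
    for rec in trace:
        st.step(rec)
    return st


if __name__ == "__main__":
    for finding in analyze(SAMPLE_TRACE, INPUT_BUF, 8).findings:
        print(finding)
```

Running it reports two findings on the constructed trace: a memory access whose address was built from `ebx` (which inherited the input-derived product through the push/pop pair) and an indirect `jmp` through `eax`. The `mul` rule is where the multi-operand problem from the abstract shows up: a rule that only looked at the explicit operand would miss that `edx` became tainted, and the later `xor edx, edx` would then appear to be clearing an untainted register. Byte granularity is what lets `mov al, [...]` overwrite the taint of only one byte of `eax` while the other three keep their earlier labels.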
