Research on Software Security Vulnerabilities on the Windows Platform

【Author】 Peng Geng (彭赓)

【Advisor】 Fan Mingyu (范明钰)

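【Author information】 University of Electronic Science and Technology of China, Information and Communication Engineering, 2010, Master's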

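【Summary】 As Windows has come into wide use across every industry, the software running on the Windows platform has been greatly enriched and improved. While software gives people a convenient and efficient way to work and live, it has also brought an overwhelming number of software security vulnerabilities, from vulnerabilities in Windows itself to vulnerabilities in the applications that run on it, too numerous to list. The growing number of vulnerabilities not only disrupts the normal work and life of ordinary users and businesses but also threatens the information security of society as a whole. Because of their special nature, software security vulnerabilities bear on the information security of individuals, enterprises and even the state, and are a sensitive subject. At present there is little public literature and few published technical methods; vulnerability information released online generally only outlines the overall situation of a vulnerability and lacks technical support for analyzing it. Studying vulnerability-related techniques involves detailed analysis of vulnerabilities, which generally touches on low-level technical details of the system. On this basis we can find new methods of secure programming, curb the network Trojans and viruses that spread through vulnerabilities, and summarize the patterns in how vulnerabilities arise to guide the discovery and analysis of unknown vulnerabilities. At a higher level, this benefits the training of information security personnel and the accumulation of technology in our country, and helps regulate the computer industry, combat computer crime, and safeguard national information security. This thesis takes closed-source software on the Windows platform as its object of study. It first introduces the foundations of vulnerability analysis, including the structure of PE files and the basic concepts of disassembly, then gives three definitions of a vulnerability and discusses vulnerability classification. It then describes static analysis techniques in detail; static analysis is in essence understanding the logical structure of the generated disassembly and how key high-level-language constructs appear in disassembled code. Next comes dynamic analysis: after establishing the basic concepts of breakpoints and single-stepping, the thesis dissects the mechanisms behind stack overflow, heap overflow and format string vulnerabilities through hands-on debugging and tracing. It then selects two representative vulnerabilities, the IE 0day Aurora vulnerability of January 2010 and the MS08-067 vulnerability of 2008, the former an application software vulnerability and the latter a system software vulnerability, debugs both in detail, and analyzes and explains them using actual code fragments and debugger output, showing the technical details that give rise to the two vulnerabilities. It closes with a summary of and outlook on software security vulnerability research.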

【Abstract】 With the Windows system widely used in all aspects of modern society, software running on the Windows platform has been greatly improved. Software brings people a fast and convenient way of life, but it also brings an overwhelming number of software security vulnerabilities, from vulnerabilities in the Windows system itself to those in the software running on it, too numerous to mention. The increasing number of security vulnerabilities not only affects ordinary users and businesses, but also poses a threat to the information security of our society. Software security vulnerabilities bear on the information security of individuals, corporations and even the nation, so they are very sensitive. The current situation is that open literature and published technical methods are scarce. Security vulnerability information on the network normally contains only an overview and lacks technical support for analysis. Research on software vulnerabilities is about analyzing them in detail, which in general involves the underlying technical details of the system. On that basis, we can find new methods of secure programming, suppress the spread of Trojans and viruses through vulnerabilities, and sum up the regular patterns to guide the discovery and analysis of unknown vulnerabilities. At a higher level, this helps to train talent and accumulate computer technology, and will help standardize the order of the computer industry, crack down on computer crime, and protect national information security. This dissertation examines closed-source software on the Windows platform. First we introduce the basis for vulnerability analysis, including the PE file structure and the basic concepts of disassembly, then give three different definitions of software vulnerability and discuss vulnerability classification. After that, we detail static analysis techniques, which are mainly about how to understand disassembled code. These are followed by dynamic analysis techniques: after explaining the concepts of breakpoints and single-stepping, we debug and trace stack overflow, heap overflow and format string vulnerabilities. Then we select two fairly representative vulnerabilities, the IE 0day Aurora vulnerability of January 2010 and the MS08-067 vulnerability of 2008. The former is an application software vulnerability and the latter is a system software vulnerability. Combining actual code snippets with debugger feedback, we debug the two vulnerabilities and explain the technical details. Finally, we summarize the research on software security vulnerabilities and give an outlook on future work.
