Computer Science (计算机科学), 2019, Vol. 46, Issue 7: 133-138. doi: 10.11896/j.issn.1002-137X.2019.07.021
HUANG Zhao, HUANG Shu-guang, DENG Zhao-kun, HUANG Hui (黄钊, 黄曙光, 邓兆琨, 黄晖)
Abstract: SEH (Structured Exception Handling) is the mechanism that the Windows operating system provides to programmers for handling program errors and exceptions. However, the chained way in which SEH dispatches handlers means that programs may contain corresponding vulnerabilities. To address this problem and improve program security, this paper proposes an automatic test-case generation method for SEH-based vulnerabilities. The method first determines whether a program is at risk of an SEH-based attack; if so, it constructs and adjusts the test-case constraints and solves them automatically to generate the corresponding test cases. On one hand, the method extends the current mode of automatic test-case generation; on the other hand, it can still generate effective test cases when GS protection is enabled. Finally, experiments verify the effectiveness of the method.