Computer Science (计算机科学) ›› 2018, Vol. 45 ›› Issue (11A): 325-329.

• Information Security •

A Vulnerability Detection System for Network Programs Based on Symbolic Execution

DENG Zhao-kun, LU Yu-liang, ZHU Kai-long, HUANG Hui

  1. National University of Defense Technology, Hefei 230037, China
  • Online: 2019-02-26 Published: 2019-02-26
  • About the authors: DENG Zhao-kun (born 1993), male, master's student; main research interests: cyberspace security, vulnerability discovery and analysis; E-mail: dengzhaokun1993@126.com. LU Yu-liang (born 1964), male, professor, doctoral supervisor; main research interest: computer network security. ZHU Kai-long (born 1992), male, doctoral student; main research interests: network situation awareness, vulnerability analysis. HUANG Hui (born 1987), male, PhD; main research interest: vulnerability analysis.
  • Funding:
    This work was supported by the National Key R&D Program of China, "Cyberspace Security" key project (2017YFB0802905).

Symbolic Execution Technology Based Defect Detection System for Network Programs

DENG Zhao-kun, LU Yu-liang, ZHU Kai-long, HUANG Hui   

  1. National University of Defense Technology,Hefei 230037,China
  • Online:2019-02-26 Published:2019-02-26

Abstract (translated): A network program consists of a server side and a client side running on different physical nodes. Unlike an ordinary binary program, the server and client of a network program communicate and transfer data in real time while running, and this interaction affects the execution of each side, so analyzing only the server-side program often leads to missed or false vulnerability reports. Taking automated vulnerability detection of network programs as the goal, this paper first studies the introduction of symbolic data and the state synchronization of the two program ends during symbolic execution, building on the dynamic binary translation mechanism of a software virtual machine and on selective symbolic execution. It then monitors program execution by hooking key functions, determines a decision model for two-end state synchronization, and builds an automated vulnerability detection system for network programs. Experiments verify the effectiveness of the system in discovering vulnerabilities in real network programs, and trial detection of CVE vulnerabilities in commercial software further shows that the system generalizes.

Keywords (translated): function hooking, vulnerability detection, network programs, selective symbolic execution, state synchronization

Abstract: Network software consists of a server and a client running on different physical nodes. Unlike ordinary binary programs, while network software is running the server and client communicate and transmit data in real time, and the interaction between the two sides affects each other's execution, so analyzing only the server side often leads to false or missed vulnerability reports. This paper studies the state synchronization technology of the two ends and the process of introducing symbolic data, based on the dynamic binary translation mechanism of a software virtual machine and on selective symbolic execution technology. Through the key-function hook method, the program execution process is monitored, the two-end state synchronization decision model is determined, and an automated network program vulnerability detection system is built. The experiments verified the effectiveness of the system in discovering vulnerabilities in actual network software. Finally, the system was tested by detecting CVE vulnerabilities in the software, and the experimental results also demonstrate its effectiveness.

Key words: Function hooks, Network program, Selective symbolic execution, State synchronization, Vulnerability detection

CLC number: TP311
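To make the abstract's argument concrete, the following is an added, constructed Python model (not the paper's system or code) of why server-only analysis over-reports and how hooks on the key send/recv functions give the two-end synchronization. All of it is assumed for illustration: the (kind, length) message format, the 64-byte buffer, the client's clamp to 32, and the synchronization rule that a server recv may proceed only after the client's send hook has produced the message; symbolic input is enumerated over a small domain instead of being solved.

```python
from itertools import product

def server_handle(msg, state, buf=64):
    """Server handler for one (kind, length) message; buf is the constructed buffer size."""
    kind, length = msg
    if state == "init" and kind == 1:        # handshake must come first
        return "ready", False
    if state == "ready" and kind == 2:       # data frame: overflows if length > buf
        return "ready", length > buf
    return state, False                      # anything else is ignored

def client_send(turn, user_len):
    """Client: handshake first, then a data frame whose length it clamps to 32."""
    return (1, 0) if turn == 0 else (2, min(user_len, 32))

class Monitor:
    """Hooks client send / server recv; recv proceeds only after the peer really sent."""
    def __init__(self):
        self.channel, self.log = [], []
    def hook_send(self, data):
        self.channel.append(data)            # message now in flight to the server
    def hook_recv(self):
        if not self.channel:                 # peer has not sent yet: server waits
            self.log.append(("server", "recv", "wait"))
            return None
        data = self.channel.pop(0)
        self.log.append(("server", "recv", data))
        return data

def analyze_server_only(turns=2):
    """Server alone: every received message is unconstrained (enumerated, not solved)."""
    hits = set()
    for msgs in product(product(range(3), range(128)), repeat=turns):
        state = "init"
        for i, m in enumerate(msgs):
            state, bug = server_handle(m, state)
            if bug:
                hits.add(msgs[:i + 1])
    return hits

def analyze_dual_end():
    """Both ends: symbolic input enters at the client and reaches the server only via the hooked send/recv pair."""
    hits = set()
    for user_len in range(128):              # the symbolic user input, enumerated
        mon, state = Monitor(), "init"
        for turn in range(2):
            mon.hook_send(client_send(turn, user_len))
            state, bug = server_handle(mon.hook_recv(), state)
            if bug:
                hits.add((user_len, mon.log[-1][2]))
    return hits
```

The server-only analysis reports the overflow path for every handshake followed by a long data frame, while the two-end analysis finds no reachable hit because the real client never emits one; that result describes the client/server pair as shipped, not whether the server is safe against an arbitrary peer.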