Computer Science ›› 2018, Vol. 45 ›› Issue (9): 171-176. doi: 10.11896/j.issn.1002-137X.2018.09.028

• Information Security •

Mining RTSP Protocol Vulnerabilities Based on Traversal of Protocol State Graph

LI Jia-li 1, CHEN Yong-le 1, LI Zhi 2,3, SUN Li-min 2,3,4

  1. College of Computer Science and Technology, Taiyuan University of Technology, Taiyuan 030600, China
  2. Beijing Key Laboratory of IOT Information Security, Beijing 100093, China
  3. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  4. University of Chinese Academy of Sciences, Beijing 100049, China
  • Received: 2017-08-17  Online: 2018-09-20  Published: 2018-10-10
  • Corresponding author: CHEN Yong-le (born 1983), male, associate professor, master's supervisor, CCF member; main research interests: IoT security, wireless sensor networks, etc. E-mail: chenyongle@tyut.edu.cn
  • About the authors: LI Jia-li (born 1991), female, master's student; main research interest: IoT security. E-mail: 1007475906@qq.com. LI Zhi (born 1985), male, Ph.D., assistant researcher; main research interests: mobile computing, delay-tolerant networks, IoT and its security. SUN Li-min (born 1968), male, postdoctoral researcher, research professor, doctoral supervisor; main research interests: IoT and its security.
  • Funding: This work was supported by the National Key R&D Program of China (2016YFB0800202), the National Natural Science Foundation of China (61401300), the National Defense Basic Scientific Research Program (military vertical project, JCKY2016602B001), and the Science and Technology Project of State Grid Corporation of China (52110417001B).

Abstract: Many cameras, DVRs and NVRs in video surveillance deployments support the RTSP protocol, and the buffer overflow vulnerabilities that stem from RTSP handling are both numerous and severe, so studying the RTSP protocol has theoretical significance and practical value. Generating test cases directly with the methods of a fuzzing framework yields a huge number of cases and a long testing process. To address these problems, this paper takes the RTSP protocol of video surveillance equipment as its research object and proposes a method that deduplicates the sample set of protocol basic blocks, constructs a protocol state graph from the constraint relationships between protocol states and the associations between state transitions, and performs a depth-first traversal of that graph. The method reduces the number of generated test cases and improves their effectiveness. During fuzz testing of the RTSP protocol, TCP probe packets are sent to determine whether the test target has become abnormal. The redundant part of each recorded abnormal test case is removed, which shortens subsequent replay and thus improves the efficiency of vulnerability mining.

Key words: Fuzz testing, RTSP protocol, Video surveillance equipment, Vulnerability mining
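As an added illustration (not code from the paper or its authors), the following Python script sketches the pipeline the abstract describes: an RTSP state graph modelled on the RFC 2326 session states (Init, Ready, Playing), depth-first enumeration of method sequences from that graph, deduplication of per-method sample values before test cases are derived, a TCP probe that records a target as abnormal when the service no longer completes a handshake, and greedy removal of redundant messages from a recorded abnormal case. The state graph, the sample values, the `constructed_oracle` stand-in for replay-and-probe and the `probe_alive` helper are assumptions constructed here; the paper's actual graph-construction rules and fuzzer are not on this page. The `naive_case_count` comparison goes slightly beyond the abstract by quantifying the stateless baseline the method is contrasted with.

```python
import socket

# Server-side RTSP session states and transitions from RFC 2326 (simplified:
# OPTIONS and DESCRIBE leave the state unchanged; SETUP/PLAY/PAUSE/TEARDOWN move it).
STATE_GRAPH = {
    "Init":    [("OPTIONS", "Init"), ("DESCRIBE", "Init"), ("SETUP", "Ready")],
    "Ready":   [("PLAY", "Playing"), ("TEARDOWN", "Init")],
    "Playing": [("PAUSE", "Ready"), ("TEARDOWN", "Init")],
}

# Constructed "basic block" sample values for each method's key field.
# Exact duplicates are included on purpose to show the deduplication step.
BLOCK_SAMPLES = {
    "OPTIONS":  ["*", "*", "rtsp://cam/stream"],
    "DESCRIBE": ["rtsp://cam/stream", "rtsp://cam/stream", "rtsp://cam/" + "A" * 64],
    "SETUP":    ["RTP/AVP;unicast;client_port=8000-8001"] * 2,
    "PLAY":     ["npt=0-", "npt=0-", "npt=" + "9" * 32],
    "PAUSE":    ["npt=5-"],
    "TEARDOWN": ["0", "0"],
}


def dedupe(samples):
    """Drop exact-duplicate samples, keeping first-seen order."""
    return list(dict.fromkeys(samples))


def traverse(graph, start="Init", max_depth=4):
    """Depth-first enumeration of method sequences from `start`.
    An edge may appear at most once per sequence, which bounds the walk
    while still exercising every transition the graph allows."""
    sequences = []

    def dfs(state, path, used):
        if path:
            sequences.append(tuple(path))
        if len(path) >= max_depth:
            return
        for method, nxt in graph[state]:
            edge = (state, method)
            if edge in used:
                continue
            path.append(method)
            used.add(edge)
            dfs(nxt, path, used)
            path.pop()
            used.discard(edge)

    dfs(start, [], set())
    return sequences


def generate_cases(graph, samples, max_depth=4):
    """One test case per (state sequence, deduplicated sample of the last method):
    the earlier messages only drive the target into the right state, the last is mutated."""
    cases = []
    for seq in traverse(graph, max_depth=max_depth):
        for value in dedupe(samples[seq[-1]]):
            cases.append((seq, value))
    return cases


def naive_case_count(samples, max_depth=4):
    """Cases a stateless generator would emit: every method sequence up to
    max_depth, times the raw (non-deduplicated) samples of the last method."""
    n_methods = len(samples)
    raw = sum(len(v) for v in samples.values())
    return raw * sum(n_methods ** (length - 1) for length in range(1, max_depth + 1))


def probe_alive(host, port, timeout=2.0):
    """TCP probe: a completed handshake means the RTSP service still answers;
    a refused or timed-out connection is recorded as an abnormal target."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def minimize(sequence, still_abnormal):
    """Strip redundant messages from a recorded abnormal case: drop one message at a
    time and keep the drop if the oracle (normally a replay plus probe) still fails."""
    seq = list(sequence)
    i = 0
    while i < len(seq):
        candidate = seq[:i] + seq[i + 1:]
        if candidate and still_abnormal(candidate):
            seq = candidate
        else:
            i += 1
    return seq


def constructed_oracle(seq):
    """Stand-in for replay-and-probe: reports a fault only when a SETUP is followed
    by a PLAY whose Range value is longer than 16 bytes (constructed fault model)."""
    seen_setup = False
    for method, value in seq:
        if method == "SETUP":
            seen_setup = True
        elif method == "PLAY" and seen_setup and len(value) > 16:
            return True
    return False


if __name__ == "__main__":
    cases = generate_cases(STATE_GRAPH, BLOCK_SAMPLES)
    print(len(traverse(STATE_GRAPH)), "state sequences;", len(cases), "graph-based cases vs",
          naive_case_count(BLOCK_SAMPLES), "stateless cases")
    recorded = [("OPTIONS", "*"), ("DESCRIBE", "rtsp://cam/stream"),
                ("SETUP", BLOCK_SAMPLES["SETUP"][0]), ("PLAY", "npt=" + "9" * 32)]
    print(minimize(recorded, constructed_oracle))
```

With the constructed graph and samples, the depth-bounded traversal yields 34 state sequences and 51 test cases, against 3626 for a stateless generator that ignores both the state graph and the duplicate samples; the recorded four-message case shrinks to the two messages (SETUP, PLAY) the fault model actually needs, which is what shortens replay.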

CLC number: TP393