计算机科学 ›› 2010, Vol. 37 ›› Issue (7): 148-151.
• 软件工程 • 上一篇 下一篇
唐和平,黄曙光,张亮
出版日期:
发布日期:
TANG He-ping HUANG Shu-guang ZHANG Liang
Online:
Published:
摘要: 安全相关的函数使用了来自网络用户输入或配置文件的非可信数据,由于未经过严格验证,引发了软件安全问题。大量软件漏洞都与非可信数据传播相关。非可信数据传播分析的漏洞利用检测系统将从网络用户输入或配置文件中获得的非可信数据标记为污染数据,使用信息流方法分析污染数据的传播范围,对可能使用污染数据的函数使用多种策略进行污染检查。借助开源的虚拟机代码实现动态信息流跟踪的漏洞检测原型系统,并优化了漏洞利用检测过程。
关键词: 动态污染分析,漏洞利用检测,信息流分析,污染场景分析
Abstract: Untrusted data originating from network user input and configuration files, causes many software security problems,when operated by security-critical function without strict data validation. Keeping track of the propagation of untrusted data is the main idea of dynamic taint analysis for vulnerability exploits detection. Data derived from network user input and configuration files were labeled as taint. Executed taint propagating algorithm by virtue of data flow analysis,and carried out several taint detection policies for each security-critical function. A vulnerability prototype system was implemented on open source emulator and many optimization mechanisms were exploits detection deployed.
Key words: Dynamic taint analysis, Vulnerability exploits detection, Information flow analysis,Tainted scenes analysis
唐和平,黄曙光,张亮. 动态信息流分析的漏洞利用检测系统[J]. 计算机科学, 2010, 37(7): 148-151. https://doi.org/
TANG He-ping HUANG Shu-guang ZHANG Liang. Dynamic Information Flow Analysis for Vulnerability Exploits Detection[J]. Computer Science, 2010, 37(7): 148-151. https://doi.org/
0 / / 推荐
导出引用管理器 EndNote|Reference Manager|ProCite|BibTeX|RefWorks
链接本文: https://www.jsjkx.com/CN/
https://www.jsjkx.com/CN/Y2010/V37/I7/148
Cited