Computer Science (计算机科学) ›› 2016, Vol. 43 ›› Issue (2): 155-158. doi: 10.11896/j.issn.1002-137X.2016.02.034
朱正欣,曾凡平,黄心依
ZHU Zheng-xin, ZENG Fan-ping and HUANG Xin-yi
Abstract: Taint analysis is commonly used to track information flow in binary programs and to detect security vulnerabilities; it detects vulnerabilities that are triggered by test cases during the program's dynamic execution. Its false-positive rate is very low, but its false-negative rate is comparatively high. To address this weakness, the dynamic symbolic taint analysis method improves taint analysis by symbolizing it, which lowers the false-negative rate. Information about the relevant tainted data is obtained through instruction-level taint propagation, and symbolic risk-analysis rules are formulated alongside it; risks are discovered by checking whether the taint information violates these rules. Experimental results show that the method not only retains the low false-positive rate of taint analysis but also overcomes its high false-negative rate. The vulnerabilities, risks and related taint information produced during taint analysis can further be used to guide test-case generation, improving testing efficiency and reducing test-case redundancy.
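As an added illustration (constructed here, not the paper's tool or code) of the contrast the abstract draws: the same instruction-level taint propagation, run in plain mode, reports nothing for a test case whose copy length stays in bounds, while the symbolic mode keeps the length as a function of the input byte, checks it against a risk rule and returns a witness input that can seed a new test case. The toy program, the buffer size and the input range are assumptions.

```python
"""Toy model of dynamic symbolic taint analysis: instruction-level taint propagation
that also carries a symbolic form, checked against a risk rule at a copy sink."""
from dataclasses import dataclass

BUF_SIZE = 64                 # destination buffer capacity at the sink
INPUT_LO, INPUT_HI = 0, 255   # range of the single untrusted input byte x

@dataclass
class Val:
    concrete: int     # value in the current run
    tainted: bool     # derived from untrusted input?
    a: int = 0        # symbolic form a*x + b (a == 0 for constants)
    b: int = 0

# Constructed program: len = x*4 + 8; memcpy(buf, src, len)
PROGRAM = [
    ("load_input", "r1"),      # taint source
    ("mul", "r2", "r1", 4),    # taint propagates through arithmetic
    ("add", "r2", "r2", 8),
    ("copy", "r2"),            # sink: risk rule is len <= BUF_SIZE
]

def analyse(program, x, symbolic):
    """Run program on input byte x and return findings at sinks.
    symbolic=False: plain taint analysis, alerts only if this run's concrete
    length already exceeds BUF_SIZE.  symbolic=True: alerts if *some* input
    byte would violate the rule, returning the smallest such byte as a witness
    for test-case generation."""
    regs, findings = {}, []
    for ins in program:
        if ins[0] == "load_input":
            regs[ins[1]] = Val(x, True, a=1)
        elif ins[0] in ("mul", "add"):
            _, dst, src, k = ins
            s = regs[src]
            if ins[0] == "mul":
                regs[dst] = Val(s.concrete * k, s.tainted, s.a * k, s.b * k)
            else:
                regs[dst] = Val(s.concrete + k, s.tainted, s.a, s.b + k)
        elif ins[0] == "copy":
            v = regs[ins[1]]
            if not v.tainted:
                continue      # constant length: input cannot break the rule
            if not symbolic:
                if v.concrete > BUF_SIZE:
                    findings.append(("overflow", v.concrete, x))
            elif v.a > 0 and v.a * INPUT_HI + v.b > BUF_SIZE:
                witness = max(INPUT_LO, (BUF_SIZE - v.b) // v.a + 1)
                findings.append(("risk", v.a * witness + v.b, witness))
    return findings
```

With the test case x = 3 the plain run returns nothing (a false negative), while the symbolic run reports the risk together with x = 15 as the smallest input byte that violates the rule.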