Computer Science ›› 2014, Vol. 41 ›› Issue (12): 19-23. doi: 10.11896/j.issn.1002-137X.2014.12.005
黄克振,连一峰,陈恺,张颖君,康恺
HUANG Ke-zhen,LIAN Yi-feng,CHEN Kai,ZHANG Ying-jun and KANG Kai
Abstract: In recent years the number of integer overflow vulnerabilities has remained high and their impact is considerable. At present, vulnerability analysis and localization methods appear only as a by-product of automatic patch generation or of automatically generating vulnerability-triggering sample files, and most of them locate the fault by exploiting the fact that a buffer overflow overwrites its adjacent memory. An integer overflow does not directly overwrite important data, so existing methods cannot locate it effectively, and today the analysis of integer overflow vulnerabilities is mostly done by hand, with low efficiency. To improve analysts' productivity, this paper proposes a method that combines dynamic taint analysis with comparison of EFLAGS flag information to narrow the overflow point down to a small number of addresses. On this basis, an integer overflow point locating system is implemented and the proposed method is validated.
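The abstract describes the locating idea only in outline: track taint from the input, watch the EFLAGS bits that x86 sets on arithmetic overflow (CF and OF), and compare the flag records of a benign run with those of a triggering run so that the overflow point is narrowed to a few addresses. The following toy model is an added illustration of that idea written for this page; it is not the authors' system. The trace format, the instruction addresses, the input field name and the two trigger values are all constructed, and the flag semantics are those of 32-bit ADD and two-operand IMUL.

```python
"""Toy model of the locating idea from the abstract: a 32-bit register trace
is executed with taint tracking from the input file, the EFLAGS bits CF and OF
are recorded after every tainted arithmetic instruction, and the records of a
benign run and a triggering run are compared.  Constructed example; the trace
format, addresses and input names are assumptions, not the paper's system."""

MASK32 = 0xFFFFFFFF


def signed32(v):
    """Interpret a 32-bit pattern as a two's-complement signed value."""
    v &= MASK32
    return v - (1 << 32) if v & 0x80000000 else v


def add32(a, b):
    """32-bit ADD; returns (result, CF, OF) with x86 semantics:
    CF on unsigned carry out, OF when the signed result is wrong."""
    wide = a + b
    result = wide & MASK32
    cf = wide > MASK32
    of = signed32(a) + signed32(b) != signed32(result)
    return result, cf, of


def imul32(a, b):
    """32-bit two-operand IMUL; x86 sets CF and OF together when the
    signed product does not fit in the 32-bit destination."""
    wide = signed32(a) * signed32(b)
    result = wide & MASK32
    overflow = signed32(result) != wide
    return result, overflow, overflow


# Constructed trace: (address, mnemonic, dst register, src operand).
# src is a register name, an immediate, or "in:<field>" for a value read
# from the input file (the taint source).
PROGRAM = [
    (0x401000, "mov",  "eax", "in:count"),   # element count from the file
    (0x401003, "mov",  "ecx", 0x10),          # element size, a constant
    (0x401008, "imul", "eax", "ecx"),         # size = count * 16
    (0x40100B, "add",  "eax", 0x20),          # size += header length
    (0x40100E, "mov",  "edx", 0x7FFFFFFF),
    (0x401013, "add",  "edx", 1),             # untainted overflow: must be ignored
]

ARITH = {"add": add32, "imul": imul32}


def run(program, inputs):
    """Execute the trace, returning one flag record per arithmetic instruction."""
    regs, taint, records = {}, {}, []
    for addr, op, dst, src in program:
        if isinstance(src, str) and src.startswith("in:"):
            val, src_tainted = inputs[src[3:]] & MASK32, True
        elif isinstance(src, str):
            val, src_tainted = regs.get(src, 0), taint.get(src, False)
        else:
            val, src_tainted = src & MASK32, False
        if op == "mov":
            regs[dst], taint[dst] = val, src_tainted
            continue
        regs[dst], cf, of = ARITH[op](regs.get(dst, 0), val)
        taint[dst] = taint.get(dst, False) or src_tainted   # taint propagates
        records.append({"addr": addr, "op": op, "tainted": taint[dst],
                        "cf": cf, "of": of})
    return records


def locate(program, benign_inputs, trigger_inputs):
    """Addresses where a tainted instruction raised CF/OF in the triggering
    run but not in the benign run: the overflow-point candidates."""
    candidates = []
    for b, t in zip(run(program, benign_inputs), run(program, trigger_inputs)):
        if t["tainted"] and (t["cf"] or t["of"]) and (t["cf"], t["of"]) != (b["cf"], b["of"]):
            candidates.append(t["addr"])
    return candidates


if __name__ == "__main__":
    for trigger in (0x10000000, 0x07FFFFFE):
        hits = locate(PROGRAM, {"count": 4}, {"count": trigger})
        print(f"count=0x{trigger:08x}: candidates {[hex(a) for a in hits]}")
```

Two points the model makes visible: the untainted overflow at 0x401013 fires in both runs and is never reported, because the taint filter and the benign/trigger comparison both reject it; and the same size computation yields a different candidate depending on the input, the IMUL for a large count and the ADD for a count that just fits the multiplication, which is why the flag records have to be taken per instruction rather than per function.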