Computer Science (计算机科学), 2022, Vol. 49, Issue (11): 49-54. doi: 10.11896/jsjkx.210900230
施瑞恒, 朱云聪, 赵易如, 赵磊
SHI Rui-heng, ZHU Yun-cong, ZHAO Yi-ru, ZHAO Lei
Abstract: Exploit scripts play an extremely important role in security research: security researchers need to study how an exploit script triggers and exploits a vulnerability in order to protect the vulnerable program effectively. However, the large number of exploit scripts obtained from the Internet have poor generality and adaptability; they are tied to a specific operating system and environment and stop working when the runtime environment changes. This problem is especially common in ROP-based exploit scripts, which makes porting and analysing ROP exploit scripts very difficult and dependent on substantial manual assistance and expert experience. To address the problem of porting ROP exploit scripts, this paper proposes the ROPTrans system. It identifies the semantics of a ROP exploit script, locates the key semantics and the variables that depend on the runtime environment, then automatically adapts them to the target environment and generates a ROP exploit script for that environment, thereby achieving automated porting of ROP scripts. Experimental results show that the success rate of ROPTrans reaches 80%, validating the effectiveness of the method.