计算机科学 (Computer Science) ›› 2022, Vol. 49 ›› Issue (11): 326-334. doi: 10.11896/jsjkx.211200039
LIU Pei-wen1, SHU Hui2, LYU Xiao-shao2, ZHAO Yun-tian2 (刘培文, 舒辉, 吕小少, 赵耘田)
Abstract: Kernel vulnerability attacks are a common way of attacking an operating system, and analysing each stage of such an attack is the key to defending against it. Because kernel vulnerabilities vary widely in type, triggering path and exploitation pattern, the attack process is hard to analyse, and existing analysis work relies mainly on forward program-analysis methods such as taint analysis, which are inefficient. To improve analysis efficiency, this paper implements an automated analysis technique for kernel vulnerability attacks based on a finite state machine. First, a state transition graph of kernel vulnerability attacks is constructed as the foundation of the analysis. Second, the idea of reverse analysis is introduced to build a finite-state-machine-based reverse analysis model of the kernel attack process, which avoids unnecessary analysis overhead. Finally, a reverse analysis method for kernel vulnerability attacks is implemented on top of the model; it parses the flow of a kernel attack automatically and quickly. Tests on 10 attack instances show that the reverse analysis method accurately recovers the key code execution information and is substantially more efficient than the traditional forward analysis methods.
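The following is an added illustrative example, not code or the state machine from the paper. It models the contrast the abstract draws: a forward walk that must analyse every trace event in depth, versus a finite-state-machine-driven backward walk that starts from the observed final state and, because the state machine names the only event kind that can enter the current state, skips everything else with a cheap comparison before any deep analysis. The stage names, event kinds, kernel addresses, object bounds and the trace itself are all constructed assumptions; `confirm()` stands in for whatever expensive per-event check (taint propagation, dataflow) a real tool would run. The example also shows the caveat of the reverse approach: if the assumed final state was never reached, the backward walk cannot close the chain, and the analyst must start from the state actually observed.

```python
"""Added example, not code from the paper: a toy finite-state-machine model of a
kernel exploit and a forward versus backward walk over a constructed event trace.
Every stage name, event kind, address and trace entry below is an assumption
made for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Attack stages of the hypothetical state machine, in forward order.
STAGES = ["normal", "vuln_triggered", "memory_corrupted",
          "control_hijacked", "privilege_escalated"]

# State transition graph: (state, event kind) -> next state.
TRANSITIONS: Dict[Tuple[str, str], str] = {
    ("normal", "syscall_entry"): "vuln_triggered",
    ("vuln_triggered", "mem_write"): "memory_corrupted",
    ("memory_corrupted", "indirect_call"): "control_hijacked",
    ("control_hijacked", "cred_write"): "privilege_escalated",
}
# Reverse index used by the backward walk: next state -> {event kind: state}.
PREDECESSORS: Dict[str, Dict[str, str]] = {}
for (_src, _kind), _dst in TRANSITIONS.items():
    PREDECESSORS.setdefault(_dst, {})[_kind] = _src

# Constructed memory layout (assumed values, not from any real kernel).
KERNEL_TEXT = (0xFFFFFFFF81000000, 0xFFFFFFFF82000000)
VULN_HANDLER_PC = 0xFFFFFFFF81234560                 # entry of the vulnerable handler
HEAP_OBJ = (0xFFFF888000A00000, 0xFFFF888000A00100)  # bounds of the overflowed object


@dataclass(frozen=True)
class Event:
    idx: int    # position in the trace
    kind: str   # coarse classification produced by the tracer
    pc: int     # instruction pointer that produced the event
    addr: int   # memory address written, or call target
    note: str


def in_kernel_text(a: int) -> bool:
    return KERNEL_TEXT[0] <= a < KERNEL_TEXT[1]


def confirm(ev: Event) -> bool:
    """The expensive per-event check (stands in for taint/dataflow work).
    Returns True when the event really is the transition its kind suggests."""
    if ev.kind == "syscall_entry":
        return ev.pc == VULN_HANDLER_PC                    # reached the vulnerable path
    if ev.kind == "mem_write":
        return not (HEAP_OBJ[0] <= ev.addr < HEAP_OBJ[1])  # write left the object
    if ev.kind == "indirect_call":
        return not in_kernel_text(ev.addr)                 # control left kernel text
    if ev.kind == "cred_write":
        return not in_kernel_text(ev.pc)                   # creds written by hijacked code
    return False


@dataclass
class Result:
    complete: bool           # whole chain from the initial to the final state recovered
    state: str               # state where the walk stopped
    key_events: List[Event]  # one event per state transition, in trace order
    analysed: int            # number of events that went through confirm()


def forward_analysis(trace: List[Event]) -> Result:
    """Forward walk: every event is analysed in depth until the final stage."""
    state, keys, analysed = STAGES[0], [], 0
    for ev in trace:
        analysed += 1
        nxt = TRANSITIONS.get((state, ev.kind))
        if nxt is not None and confirm(ev):
            keys.append(ev)
            state = nxt
            if state == STAGES[-1]:
                break
    return Result(state == STAGES[-1], state, keys, analysed)


def reverse_analysis(trace: List[Event], final_state: str = STAGES[-1],
                     end_idx: Optional[int] = None) -> Result:
    """Backward walk from the observed final state. The FSM names the only event
    kind that can enter the current state; other kinds are skipped by a cheap
    comparison and never analysed in depth."""
    i = len(trace) - 1 if end_idx is None else end_idx
    state, keys, analysed = final_state, [], 0
    while state != STAGES[0] and i >= 0:
        ev = trace[i]
        i -= 1
        wanted = PREDECESSORS.get(state, {})
        if ev.kind not in wanted:
            continue
        analysed += 1
        if confirm(ev):
            keys.append(ev)
            state = wanted[ev.kind]
    keys.reverse()
    return Result(state == STAGES[0], state, keys, analysed)


# Constructed trace of one exploit run; only events 2, 4, 6 and 7 are real transitions.
TRACE = [
    Event(0, "syscall_entry", 0xFFFFFFFF81100000, 0, "open(), unrelated"),
    Event(1, "mem_write", 0xFFFFFFFF81100040, 0xFFFF888000A00010, "in-bounds write"),
    Event(2, "syscall_entry", VULN_HANDLER_PC, 0, "vulnerable ioctl handler"),
    Event(3, "mem_write", 0xFFFFFFFF81234580, 0xFFFF888000A00020, "in-bounds write"),
    Event(4, "mem_write", 0xFFFFFFFF812345A0, 0xFFFF888000A00108, "8 bytes past object"),
    Event(5, "indirect_call", 0xFFFFFFFF81300000, 0xFFFFFFFF81300200, "legitimate ops->fn"),
    Event(6, "indirect_call", 0xFFFFFFFF81300300, 0x0000000000401000, "fn ptr now user addr"),
    Event(7, "cred_write", 0x0000000000401020, 0xFFFF888000B00000, "uid/gid zeroed"),
    Event(8, "syscall_entry", 0xFFFFFFFF81150000, 0, "execve(/bin/sh)"),
]

if __name__ == "__main__":
    for name, res in (("forward", forward_analysis(TRACE)),
                      ("reverse", reverse_analysis(TRACE))):
        print(name, "complete=%s analysed=%d keys=%s" % (
            res.complete, res.analysed, [(e.idx, hex(e.pc)) for e in res.key_events]))
```

On the constructed trace both walks recover the same four key events and their instruction pointers, but the forward walk runs the deep check on all eight events before the final stage, while the backward walk runs it on only the four candidates. Calling `reverse_analysis(TRACE[:5])` with the default final state returns an incomplete result with no key events, because the truncated run never escalated privileges; `reverse_analysis(TRACE[:5], final_state="memory_corrupted")` closes the chain again, which is the practical rule for this approach: the backward walk must start from the state that was actually observed (a detector hit, a crash, a credential change), not from the state one hopes the exploit reached.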