Computer Science, 2019, Vol. 46, Issue 7: 133-138. doi: 10.11896/j.issn.1002-137X.2019.07.021

Software & Database Technology

Automatic Vulnerability Detection and Test Cases Generation Method for Vulnerabilities Caused by SEH

HUANG Zhao,HUANG Shu-guang,DENG Zhao-kun,HUANG Hui   

National University of Defense Technology, Hefei 230037, China
Received: 2018-06-13; Online: 2019-07-15; Published: 2019-07-15

Abstract: Structured Exception Handling (SEH), which is offered by the Windows operating system, is a way to handle program errors or exceptions. However, because SEH dispatches exceptions through a linked list of handlers, corresponding vulnerabilities may exist. To solve this problem and improve program security, a method is proposed to generate test cases based on SEH. First, the method judges whether the program is at risk of being attacked through SEH. If there is a risk, the test case constraints are constructed and adjusted. Then, by solving these constraints, the corresponding test cases are generated automatically. On the one hand, this method extends the current automatic test case generation pattern; on the other hand, it can generate effective test cases even when GS protection is turned on. Finally, the effectiveness of the method is verified by experiments.

Key words: Automatic test cases generation, Structured exception handling, Symbolic execution

CLC Number: TP311