二進(jìn)制應(yīng)用程序漏洞挖掘技術(shù)研究
Keywords: binary vulnerability discovery; dynamic instrumentation; taint analysis; smart fuzzing. Source: Beijing University of Posts and Telecommunications, 2013 master's thesis. Thesis type: degree thesis.
[Abstract]: With the development of information technology, computer software plays a key role in fields such as the economy, medicine and national defense. In this situation software security, as a basic attribute of information systems, has become one of the issues affecting the national economy and people's livelihood. In recent years, although the major software vendors have actively adopted a "security development lifecycle" during product development, and developers' secure-coding awareness has improved markedly compared with earlier years, the ever-growing complexity and code volume of software mean that vulnerabilities cannot be eliminated entirely. This undoubtedly gives attackers an opening: "advanced persistent threat" attacks launched through software vulnerabilities appear one after another and pose a severe threat to network security. Discovering and patching software vulnerabilities as early as possible therefore helps protect both the personal information of Internet users and national security, and software vulnerability discovery has become one of the most closely watched topics in security research.

Depending on the object of study, software vulnerability discovery techniques fall into two categories: source-code-level vulnerability detection for open-source software, and binary-level vulnerability detection for closed-source software. Most software vendors, to protect their commercial interests and intellectual property, do not release the source code of their products to the development and security research communities. Moreover, during compilation, improper compiler optimizations may turn source code into binary code that contains security defects. For these reasons, binary-oriented vulnerability discovery is the mainstream direction of current research.

Compared with source-code-level detection, binary-level vulnerability detection faces the following difficulties:
(1) Lack of information. Although a binary can be disassembled into assembly code, variable type information, data structure information and the program's semantic information are still missing. Indirect jumps and pointer aliasing in particular pose great challenges for binary-level vulnerability detection.
(2) Complexity of x86 instructions. The x86 instruction set has many instruction types, the number of operands varies between instructions, and a single instruction often affects several operands at once. This affects the precision of binary-level program analysis.

Around the topic of vulnerability discovery in binary applications, this thesis studies the following problems in depth: (1) plug-in development for the binary dynamic instrumentation platform PIN; (2) PIN-based optimization of fuzz-testing case sets; (3) XML-based formal description of vulnerability patterns; (4) offline fine-grained taint analysis; (5) the design of a taint-analysis-driven smart fuzzing system.
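The abstract's second difficulty (a single x86 instruction writing several operands) and its combination of XML-described vulnerability patterns with offline fine-grained taint analysis are illustrated by the following added example. It is not code from the thesis: the trace record format, the XML pattern schema and the propagation rules are assumptions made here, and the trace itself is constructed by hand in place of what a Pin tool would record (concrete effective addresses, and the implicit operands of `mul` written out explicitly). The point it shows is that every source operand must be read before any destination is written, otherwise `xchg` and `mul` propagate taint incorrectly.

```python
"""Offline byte-granular taint propagation over a recorded x86 trace, checked
against vulnerability patterns written in XML. Added illustration for this page,
not the thesis's code: the trace format, the XML schema and the propagation
rules are assumptions; a Pin tool would record the concrete addresses used."""
import xml.etree.ElementTree as ET

WORD = 4  # 32-bit x86 general-purpose registers

PATTERNS_XML = """<patterns>
  <pattern id="tainted-pointer-write" event="mem_write" address="tainted"/>
  <pattern id="tainted-control-flow" event="branch" target="tainted"/>
</patterns>"""  # constructed patterns; the schema is an assumption

def load_patterns(xml_text):
    return [p.attrib for p in ET.fromstring(xml_text).findall("pattern")]

class TaintState:
    def __init__(self):
        self.regs = {}    # register -> set of tainted byte offsets (0..3)
        self.mem = set()  # tainted byte addresses

def taint_of(state, opnd):
    """Operands are ("reg", name), ("mem", addr, size) or ("imm",)."""
    if opnd[0] == "reg":
        return set(state.regs.get(opnd[1], set()))
    if opnd[0] == "mem":
        return {a - opnd[1] for a in range(opnd[1], opnd[1] + opnd[2]) if a in state.mem}
    return set()

def write_taint(state, opnd, offsets):
    if opnd[0] == "reg":
        state.regs[opnd[1]] = set(offsets)
    elif opnd[0] == "mem":
        for i in range(opnd[2]):
            (state.mem.add if i in offsets else state.mem.discard)(opnd[1] + i)

def pattern_hits(patterns, event, state, ins):
    """Ids of patterns matching this event against the pre-instruction state."""
    hits = []
    for p in patterns:
        if p["event"] != event:
            continue
        if event == "mem_write" and p.get("address") == "tainted":
            if any(taint_of(state, ("reg", r)) for r in ins.get("addr_regs", ())):
                hits.append(p["id"])  # address register carries input bytes
        elif event == "branch" and p.get("target") == "tainted":
            if taint_of(state, ins["src"][0]):
                hits.append(p["id"])
    return hits

BYTEWISE = {"mov", "and", "or", "xor"}  # byte i of dst depends on byte i of srcs
ARITH = {"add", "sub", "mul", "imul"}   # carries mix bytes: any tainted -> all

def analyze(trace, patterns):
    state, findings = TaintState(), []
    for n, ins in enumerate(trace):
        op = ins["op"]
        if op == "source":  # recorded input syscall introduces taint
            write_taint(state, ("mem", ins["addr"], ins["size"]), set(range(ins["size"])))
            continue
        if op in ("jmp", "call"):
            findings += [(n, h) for h in pattern_hits(patterns, "branch", state, ins)]
            continue
        # Read all sources before any write: xchg and mul have several
        # destinations, and each must see the taint from before the instruction.
        src_t = [taint_of(state, s) for s in ins["src"]]
        if any(d[0] == "mem" for d in ins["dst"]):
            findings += [(n, h) for h in pattern_hits(patterns, "mem_write", state, ins)]
        if op == "xchg":
            write_taint(state, ins["dst"][0], src_t[1])
            write_taint(state, ins["dst"][1], src_t[0])
        elif op == "xor" and ins["src"][0] == ins["src"][1]:
            write_taint(state, ins["dst"][0], set())  # xor r,r zeroing idiom
        elif op in BYTEWISE:
            write_taint(state, ins["dst"][0], set().union(*src_t))
        elif op in ARITH:
            for d in ins["dst"]:
                size = WORD if d[0] == "reg" else d[2]
                write_taint(state, d, set(range(size)) if any(src_t) else set())
        else:
            raise ValueError(f"no propagation rule for {op}")
    return state, findings

# Constructed trace; the "tracer" has made mul's implicit operands explicit.
TRACE = [
    {"op": "source", "addr": 0x1000, "size": 8},                          # read(fd, buf, 8)
    {"op": "mov", "dst": [("reg", "eax")], "src": [("mem", 0x1000, 4)]},   # eax = buf[0:4]
    {"op": "mov", "dst": [("reg", "ebx")], "src": [("imm",)]},             # ebx = 0x2000
    {"op": "xchg", "dst": [("reg", "eax"), ("reg", "ebx")], "src": [("reg", "eax"), ("reg", "ebx")]},
    {"op": "mov", "dst": [("reg", "ecx")], "src": [("mem", 0x1004, 4)]},   # ecx = buf[4:8]
    {"op": "mul", "dst": [("reg", "edx"), ("reg", "eax")], "src": [("reg", "eax"), ("reg", "ecx")]},
    {"op": "xor", "dst": [("reg", "edx")], "src": [("reg", "edx"), ("reg", "edx")]},
    {"op": "mov", "dst": [("mem", 0x3000, 4)], "src": [("reg", "eax")], "addr_regs": ["ebx"]},
    {"op": "jmp", "src": [("reg", "edx")]},   # edx was zeroed: no finding
    {"op": "call", "src": [("reg", "ebx")]},  # ebx still holds input bytes
]

if __name__ == "__main__":
    print(analyze(TRACE, load_patterns(PATTERNS_XML))[1])
```

Run as a script it reports two findings: the write through `ebx` at trace entry 7, because `xchg` moved the input bytes into `ebx`, and the `call ebx` at entry 9; the `jmp edx` at entry 8 is not reported because the `xor edx, edx` idiom cleared the taint that `mul` had spread into `edx`. Reading sources first is what makes the `xchg` case come out right; the conservative "any tainted byte taints the whole result" rule for arithmetic is the simplest sound choice and is where a real analysis would trade precision for speed.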
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year of degree]: 2013
[Classification number]: TP309
Article ID: 1460799
Link: http://sikaile.net/falvlunwen/zhishichanquanfa/1460799.html