Research on Vulnerability Discovery Techniques for Binary Applications

Published: 2018-01-24 19:09

Keywords: binary vulnerability discovery; dynamic instrumentation; taint analysis; intelligent fuzzing. Source: Beijing University of Posts and Telecommunications, master's thesis, 2013. Thesis type: degree thesis.


[Abstract]: With the development of information technology, computer software plays a key role in the economy, medicine, national defense and every other field. Software security, as a basic property of information systems, has therefore become an issue that affects the national economy and people's livelihood. In recent years the major software vendors have actively adopted a Security Development Lifecycle during product development, and developers' awareness of secure coding has improved markedly compared with earlier years, but the steadily growing complexity and code volume of software mean that vulnerabilities cannot be eliminated entirely. This gives attackers an opening: "advanced persistent threat" attacks that exploit software vulnerabilities appear one after another and pose a severe threat to network security. Finding and patching software vulnerabilities early helps protect the personal information of Internet users and safeguard national security, so software vulnerability discovery has become one of the most closely watched topics in security research.

By object of study, software vulnerability discovery techniques fall into two classes: source-level detection for open-source software, and binary-level detection for closed-source software. Most software vendors, to protect their commercial interests and intellectual property, do not release the source code of their products to the development or security-research communities. Moreover, improper compiler optimization during compilation can produce binary code with security defects that are not present in the source. For these reasons, binary-oriented vulnerability discovery is the mainstream direction of current research.

Compared with source-level detection, binary-level detection faces the following difficulties:
(1) Lack of information. A binary can be disassembled into assembly code, but variable type information, data-structure information and program semantics are still missing. Indirect jumps and pointer aliasing in particular pose great challenges to binary-level vulnerability detection.
(2) Complexity of x86 instructions. The x86 instruction set has many instruction types, different instructions take different numbers of operands, and a single instruction often affects several operands at once. This limits the precision of binary-level program analysis.

This thesis centers on vulnerability discovery in binary applications and studies the following problems in depth: (1) plugin development techniques for the PIN dynamic binary instrumentation platform; (2) PIN-based optimization of fuzz-test case sets; (3) XML-based formal description of vulnerability patterns; (4) offline fine-grained taint analysis; (5) the design of an intelligent fuzzing system based on taint analysis.
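The offline fine-grained taint analysis named in item (4), and the multi-operand x86 difficulty in point (2), as an added example that is not code from the thesis: a byte-granular taint engine run offline over a constructed instruction trace in the shape a PIN tool could record. Each trace record carries the concrete effective address of every memory operand, so indirect references are resolved by the recorder and the offline pass never has to reason about pointer aliasing. The operand encoding, the two alert patterns (a memory write whose address depends on tainted data, and a control transfer through a tainted register) and the trace itself are this example's own assumptions, not PIN's format or the thesis's pattern language.

```python
"""Offline byte-level taint propagation over a recorded x86 trace (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Label = Optional[int]       # which input byte reached this byte, or None if clean
REG_SIZE = 4                # 32-bit registers only, to keep the example short


@dataclass(frozen=True)
class Reg:
    name: str


@dataclass(frozen=True)
class Mem:
    addr: int                                 # concrete effective address from the trace
    size: int
    addr_regs: Tuple[str, ...] = ()           # registers that formed the address


@dataclass(frozen=True)
class Insn:
    ip: int
    mnem: str
    dst: object = None                        # Reg | Mem | None
    src: object = None                        # Reg | Mem | int (immediate) | None


class TaintEngine:
    def __init__(self) -> None:
        self.mem = {}                         # byte address -> input offset
        self.reg = {}                         # register name -> one label per byte
        self.alerts: List[Tuple[int, str, Tuple[int, ...]]] = []

    def seed(self, addr: int, length: int) -> None:
        """Mark `length` bytes at `addr` as input bytes 0..length-1."""
        for i in range(length):
            self.mem[addr + i] = i

    def _read(self, op) -> List[Label]:
        if isinstance(op, Mem):
            return [self.mem.get(op.addr + i) for i in range(op.size)]
        if isinstance(op, Reg):
            return list(self.reg.get(op.name, [None] * REG_SIZE))
        return [None] * REG_SIZE              # immediate or absent operand

    def _write(self, op, labels: List[Label]) -> None:
        if isinstance(op, Mem):
            for i in range(op.size):
                if labels[i] is None:
                    self.mem.pop(op.addr + i, None)
                else:
                    self.mem[op.addr + i] = labels[i]
        elif isinstance(op, Reg):
            if any(l is not None for l in labels):
                self.reg[op.name] = list(labels)
            else:
                self.reg.pop(op.name, None)

    @staticmethod
    def _fit(labels: List[Label], n: int) -> List[Label]:
        return (labels + [None] * n)[:n]      # truncate or zero-extend to n bytes

    @staticmethod
    def _size(op) -> int:
        return op.size if isinstance(op, Mem) else REG_SIZE

    def _addr_labels(self, op) -> List[Label]:
        """Labels of the registers that built a memory operand's address."""
        out: List[Label] = [None] * REG_SIZE
        for r in (op.addr_regs if isinstance(op, Mem) else ()):
            for i, l in enumerate(self.reg.get(r, [])):
                out[i] = out[i] if out[i] is not None else l
        return out

    @staticmethod
    def _tainted(labels) -> Tuple[int, ...]:
        return tuple(sorted({l for l in labels if l is not None}))

    def step(self, insn: Insn) -> None:
        m, dst, src = insn.mnem, insn.dst, insn.src
        # Pattern checks look at the state *before* the instruction executes.
        if isinstance(dst, Mem):
            t = self._tainted(self._addr_labels(dst))
            if t:
                self.alerts.append((insn.ip, "tainted-write-address", t))
        if m in ("jmp", "call"):
            t = self._tainted(self._read(src))
            if t:
                self.alerts.append((insn.ip, "tainted-control-transfer", t))
            return
        if m in ("cmp", "test"):
            return                            # flags only, no data flow
        n = self._size(dst)
        if m in ("mov", "movzx", "push", "pop"):
            new = self._fit(self._read(src), n)           # plain copy, zero-extended
        elif m == "lea":
            new = self._fit(self._addr_labels(src), n)    # taint flows through address math
        elif m == "xor" and isinstance(src, Reg) and src == dst:
            new = [None] * n                              # xor reg, reg clears the register
        elif m in ("add", "sub", "and", "or", "xor"):
            # Byte-wise union of both inputs; carries across bytes are ignored
            # (an under-approximation that keeps labels byte-precise).
            a, b = self._fit(self._read(dst), n), self._fit(self._read(src), n)
            new = [x if x is not None else y for x, y in zip(a, b)]
        elif m == "xchg":                                 # one instruction, two written operands
            a, b = self._read(dst), self._read(src)
            self._write(dst, self._fit(b, n))
            self._write(src, self._fit(a, self._size(src)))
            return
        else:
            raise NotImplementedError(insn.mnem)
        self._write(dst, new)

    def run(self, trace: List[Insn]):
        for insn in trace:
            self.step(insn)
        return self.alerts


INPUT = 0x1000   # constructed: 8 attacker-controlled bytes were read to this address
TRACE = [        # constructed trace; memory operands carry the addresses the recorder saw
    Insn(0x401000, "mov",   Reg("eax"), Mem(INPUT, 4)),                    # eax <- input[0..3]
    Insn(0x401004, "movzx", Reg("ebx"), Mem(INPUT + 4, 1)),                # ebx <- input[4]
    Insn(0x401008, "add",   Reg("ebx"), 0x10),                             # ebx still carries input[4]
    Insn(0x40100b, "xor",   Reg("edx"), Reg("edx")),                       # clearing idiom
    Insn(0x40100d, "mov",   Mem(0x3000 + 0x20 * 4, 4, ("ebx",)), Reg("eax")),  # [0x3000+ebx*4] <- eax
    Insn(0x401010, "xchg",  Reg("eax"), Reg("ecx")),                       # taint moves eax -> ecx
    Insn(0x401012, "push",  Mem(0x7ffc, 4), Reg("ecx")),                   # spill ecx to the stack
    Insn(0x401013, "pop",   Reg("edx"), Mem(0x7ffc, 4)),                   # reload it into edx
    Insn(0x401014, "jmp",   None, Reg("edx")),                             # indirect jump via edx
]


def analyze(trace=TRACE):
    """Seed the input buffer, replay the trace, return (alerts, engine)."""
    eng = TaintEngine()
    eng.seed(INPUT, 8)
    return eng.run(trace), eng


if __name__ == "__main__":
    for ip, kind, labels in analyze()[0]:
        print(f"{ip:#x} {kind} input bytes {labels}")
```

Because labels are kept per byte, the first alert pinpoints that only input byte 4 controls the write address, which is the kind of detail a fuzzer can use to decide which bytes of a test case to mutate; the second alert shows the whole 4-byte input word reaching an indirect jump after surviving an xchg and a stack round trip.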
Degree-granting institution: Beijing University of Posts and Telecommunications
Degree level: Master's
Year degree awarded: 2013
Classification number: TP309




Page link: https://www.wllwen.com/falvlunwen/zhishichanquanfa/1460799.html

