
An Extensible Framework for Static Vulnerability Detection Based on Taint Analysis

Published: 2018-01-21 15:50

Keywords: static analysis; vulnerability detection; extensible framework; taint analysis. Source: Nanjing University, 2017 master's thesis. Thesis type: degree thesis.


[Abstract]: Software vulnerabilities are a major threat to computer system security. One class of vulnerabilities arises from improper handling of external input. In C/C++ programs in particular, programmers may omit validity checks on security-critical operations that depend on external input (such as division, array access and memory access), leading to potential security vulnerabilities (such as division by zero, array index out of bounds and out-of-bounds memory access). Static analysis can find a wide range of vulnerabilities in source code; compared with dynamic analysis, it neither executes the program under test nor requires test cases for it, which saves a great deal of work and runs more efficiently. Moreover, static analysis can scan all of the program's code, whereas dynamic analysis only covers the code executed in each run. Existing static analysis tools, however, can only detect predefined vulnerabilities; when a new kind of vulnerability appears, a new detection tool has to be developed, which is costly and slow. This thesis focuses on C/C++ program vulnerabilities caused by external input that is used without a validity check, and proposes an extensible tool framework for static vulnerability detection based on taint analysis. The main contributions are: 1. A static taint analysis method for C/C++ programs. Based on a simplified model of the C/C++ language, taint type inference rules are defined and a static taint analysis method and workflow are proposed, covering both intra-procedural and inter-procedural analysis. 2. An extensible vulnerability detection framework based on taint analysis. The framework defines a unified detection method for code vulnerabilities in which security-critical operations are insufficiently protected against attacks via external input: program structure analysis and location of security-critical operations, taint data analysis, and detection of missing validity checks that would defend against such attacks. The framework is extensible in two respects: 1) it provides a taint analysis method driven by custom rules; 2) it provides an extensible method for detecting missing validity checks on security-critical operations. Users only need to configure information about a security-critical operation for the framework to automatically detect whether that operation lacks a security check. 3. Based on the above work, a prototype tool of the extensible vulnerability detection framework was implemented and case studies were carried out. The program structure analysis, taint analysis and missing-check detection modules were implemented on the Clang platform, and automatic detection of three kinds of vulnerabilities was built on the framework: array index out-of-bounds detection, division-by-zero detection and out-of-bounds detection for memory operation APIs. Optimization strategies for storing taint information and the AST were implemented for large programs. Several programs were selected for experiments, and the taint analysis was evaluated in terms of accuracy, performance and optimization effect.
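The abstract describes the three-step detection method (locate security-critical operations, propagate taint from external input, report operations whose critical operand reaches them without a validity check) and the configurable table of critical operations that makes it extensible. The following Python program is an added illustration of that scheme, not the thesis's Clang-based tool: it works on a constructed three-address statement form rather than C/C++ ASTs, models only straight-line code (no branches), represents a validity check as an explicit `check` statement, and handles calls inter-procedurally by re-analyzing the callee under the caller's taint binding. The `CRITICAL_OPS` table plays the role of the user-configured operation information.

```python
"""Toy static taint analysis for missing-validity-check detection (added example).

Programs are dicts of functions: name -> (parameter list, statement list).
Statements use a small three-address form:
  ("input", x)                 x receives external input (taint source)
  ("assign", x, y)             x = y
  ("check", x)                 x has passed a validity check (sanitizer)
  ("call", r, f, a1, ...)      r = f(a1, ...)
  ("return", x)
  (op, r, *operands)           a security-critical op listed in CRITICAL_OPS
Straight-line code only: branches and loops are not modeled here.
"""

# User-configurable rules for security-critical operations. For each op: the
# position among the operands of the value that must be validated before use,
# and the defect to report when that operand is still tainted.
CRITICAL_OPS = {
    "div":    (1, "division by zero"),                  # r = a / b      -> check b
    "index":  (1, "array index out of bounds"),         # r = arr[i]     -> check i
    "memcpy": (2, "memory copy length out of bounds"),  # memcpy(d, s, n)-> check n
}


def analyze_function(name, funcs, arg_taint, stack=()):
    """Analyze one function under a given taint binding of its parameters.

    Returns (findings, return_taint). Taint is tracked per variable as a set of
    source labels so that a finding can be traced back to the input it came from.
    """
    params, stmts = funcs[name]
    taint = {p: set(t) for p, t in zip(params, arg_taint)}
    findings, ret_taint = [], set()

    for line, stmt in enumerate(stmts):
        op = stmt[0]
        if op == "input":
            taint[stmt[1]] = {f"input@{name}:{line}"}
        elif op == "assign":
            taint[stmt[1]] = set(taint.get(stmt[2], ()))
        elif op == "check":
            # A validity check makes the value safe for later critical operations.
            taint.pop(stmt[1], None)
        elif op == "return":
            ret_taint = set(taint.get(stmt[1], ()))
        elif op == "call":
            _, dst, callee, *args = stmt
            if callee in stack:  # recursion: cut off here (assumed untainted result)
                taint[dst] = set()
                continue
            sub, ret = analyze_function(
                callee, funcs, [taint.get(a, set()) for a in args], stack + (name,))
            findings.extend(sub)
            taint[dst] = ret
        elif op in CRITICAL_OPS:
            _, dst, *operands = stmt
            pos, defect = CRITICAL_OPS[op]
            if taint.get(operands[pos]):
                findings.append((name, line, operands[pos], defect))
            # Conservatively, the result depends on every operand.
            if dst is not None:
                taint[dst] = set().union(*(taint.get(v, set()) for v in operands))
        else:
            raise ValueError(f"unknown statement {stmt!r} in {name}")
    return findings, ret_taint


def analyze(funcs, entry="main"):
    """Run the analysis from a parameterless entry function; return the findings."""
    findings, _ = analyze_function(entry, funcs, [])
    return findings


# Constructed sample program (not from the thesis): two untrusted inputs are used
# both before and after their validity checks, directly and through a callee.
SAMPLE = {
    "scale": (["x", "d"], [
        ("div", "q", "x", "d"),                  # 0: q = x / d, d must be checked
        ("return", "q"),                         # 1
    ]),
    "main": ([], [
        ("input", "n"),                          # 0: n from external input
        ("input", "len"),                        # 1: len from external input
        ("assign", "i", "n"),                    # 2
        ("index", "v", "buf", "i"),              # 3: unchecked index      -> finding
        ("check", "n"),                          # 4: bounds check on n
        ("assign", "j", "n"),                    # 5
        ("index", "w", "buf", "j"),              # 6: checked index        -> ok
        ("call", "r", "scale", "v", "len"),      # 7: unchecked divisor    -> finding in scale
        ("check", "len"),                        # 8
        ("call", "s", "scale", "v", "len"),      # 9: checked divisor      -> ok
        ("memcpy", None, "dst", "src", "r"),     # 10: r derives from input -> finding
    ]),
}

if __name__ == "__main__":
    for func, line, var, defect in analyze(SAMPLE):
        print(f"{func}:{line}: '{var}' is unchecked external input -> {defect}")
```

Adding a new vulnerability class is a one-line change to `CRITICAL_OPS`, which is the extensibility property the abstract claims; the taint propagation and check-detection logic stay untouched. Note that because the `index` result is treated as depending on its index operand, taint from `i` flows through `v` and `scale` into `r`, so the final `memcpy` is reported even though its length operand was never read from input directly.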
[Degree-granting institution]: Nanjing University
[Degree level]: Master's
[Year degree conferred]: 2017
[Classification number]: TP309


Article ID: 1451895



Link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/1451895.html

