云环境下软件更新的安全检测

发布时间：2019-04-08 18:51

【摘要】：随着云计算在各领域逐渐的普及,大量业务软件被部署到云环境中。在业务软件的生命周期中,补丁用于增加新的软件功能或者修复已知的漏洞。但是补丁本身并不全是安全的,这些补丁可能没有完全修复现有漏洞或者引入了新的安全问题。快速、有效的检测补丁的安全性对提高云环境的安全性、稳定性以及业务软件的可靠性都非常重要。传统解决方案将整个业务软件当作一个整体来检测,其检测的准确度依赖于有效测试集的构建,存在效率低,误报率和漏报率较高等问题,不适合云环境中业务软件的更新检测。因此,如何高效的对软件更新的安全性进行检测是一个值得研究的课题。软件更新安全检测系统KPSec具有自动化检测、漏报率低、检测效率高、可扩展性好的特点。为了解决传统方案中检测效率低的问题,KPSec着重检测软件更新后新版本程序中受补丁影响的代码,通过精确的分析来排除没有受影响的代码,达到减少执行路径数量的目的。为了摆脱对软件测试集的依赖,KPSec定义了内存安全敏感点同时设计了基于数据流分析的可执行路径生成方法,结合符号执行技术和安全检测器,高效的完成对可执行路径的安全检测。为了提高检测系统检测范围,KPSec设计了五种基于规则的安全检测器,实现对多种安全问题的检测。测试结果表明,软件更新安全检测系统KPSec具有较高的检测效率,对于云环境下大型软件的补丁,在最好的情况下能够减少99.87%的执行路径,补丁的平均检测时间为13.1分钟。在检测有效性方面,KPSec能够检测包括缓冲区溢出、内存泄露、越界访问在内的多种常见安全问题,漏报率小于2.86%,误报率小于5.71%,各项指标都要优于现有同类型的系统。
[Abstract]:With the popularity of cloud computing in various fields, a large number of business software is deployed to the cloud environment. During the lifecycle of business software, patches are used to add new software features or fix known vulnerabilities. But patches themselves are not entirely secure; they may not completely fix existing vulnerabilities or introduce new security problems. Fast and effective detection of patch security is very important to improve the security, stability and reliability of business software in cloud environment. The traditional solution takes the whole business software as a whole to detect, its detection accuracy depends on the construction of effective test set, there are some problems such as low efficiency, high false positive rate and high false positive rate, and so on. Not suitable for business software update detection in cloud environment. Therefore, how to efficiently detect the security of software update is a subject worth studying. The software update security detection system (KPSec) has the characteristics of automatic detection, low false positive rate, high detection efficiency and good expansibility. In order to solve the problem of low detection efficiency in the traditional scheme, KPSec focuses on detecting the code affected by the patch in the new version of the updated software, and eliminating the unaffected code by accurate analysis, so as to reduce the number of execution paths. In order to get rid of the dependence on software test set, KPSec defines the memory security sensitive point and designs an executable path generation method based on data flow analysis, which combines symbol execution technology and security detector. High efficiency to complete the security detection of executable paths. In order to improve the detection range of the detection system, KPSec designed five rules-based security detectors to realize the detection of a variety of security problems. The test results show that the software update security detection system KPSec has a high detection efficiency. For large-scale software patches in cloud environment, the execution path can be reduced by 99.87% in the best case. The average detection time for patches is 13.1 minutes. In terms of detection effectiveness, KPSec can detect many common security problems, including buffer overflow, memory leak and cross-border access, with false positive rate less than 2.86% and false positive rate less than 5.71%. All indicators are superior to existing systems of the same type.
【学位授予单位】：华中科技大学
【学位级别】：硕士
【学位授予年份】：2016
【分类号】：TP311.53

【参考文献】