一种基于补丁比对和静态污点分析的漏洞定位技术研究

doi:10.3969/j.issn.1671-1122.2017.09.002

信息网络安全 ›› 2017, Vol. 17 ›› Issue (9): 5-5.doi: 10.3969/j.issn.1671-1122.2017.09.002

一种基于补丁比对和静态污点分析的漏洞定位技术研究

达小文(), 毛俐旻, 吴明杰, 郭敏

北京计算机技术及应用研究所,北京 100854

收稿日期:2017-08-01 出版日期:2017-09-20 发布日期:2020-05-12
作者简介:
作者简介：达小文（1989—）,男,湖南,助理工程师,硕士,主要研究方向为信息安全;毛俐旻（1977—）,女,湖北,高级工程师,博士,主要研究方向为信息安全; 吴明杰（1987—）,男,江苏,工程师,硕士,主要研究方向为信息安全;郭敏（1991—）,女,山东,助理工程师,硕士,主要研究方向为信息安全。

Research on a Vulnerability Location Technology Based on Patch Matching and Static Taint Analysis

Xiaowen DA(), Limin MAO, Mingjie WU, Min GUO

Beijing Institute of Computer Technology and Applications, Beijing 100854, China

Received:2017-08-01 Online:2017-09-20 Published:2020-05-12

摘要/Abstract

摘要：

目前对于开源软件的漏洞定位分析较为缺乏,且缺少一种自动化的快速定位方法。针对这些不足,文章提出一种基于补丁比对和静态污点分析的漏洞定位方法。该方法通过分析大量开源软件的缓冲区溢出错误的实例,提取6种缓冲区错误的漏洞定位模型;通过将补丁比对和污点传播结合,生成污点传播路径图;将补丁源码的污点传播路径图与定位模型匹配以定位某小块代码,采用污点查找精确定位漏洞所在行。

关键词: 漏洞定位, 补丁比对, 污点分析, 缓冲区错误

Abstract:

At present, there is a lack of the analysis for vulnerabilities location in open source software and a lack of an automatic method for fast locating the vulnerabilities. To address these issues, this paper proposes a vulnerabilities location method based on patch matching and the static taints analysis. By analyzing a large number of buffer errors instances of open source software, six vulnerabilities location models of buffer errors are extracted. By combining patch matching with taint propagation, a taint propagation path graph is generated. Match the taint propagation graph of patched source with the location models to locate a small block of code, which then locates vulnerabilities code rows accurately by searching for taints.

Key words: vulnerability location, patch matching, taint analysis, buffer errors

中图分类号:

TP393

达小文, 毛俐旻, 吴明杰, 郭敏. 一种基于补丁比对和静态污点分析的漏洞定位技术研究[J]. 信息网络安全, 2017, 17(9): 5-5.

Xiaowen DA, Limin MAO, Mingjie WU, Min GUO. Research on a Vulnerability Location Technology Based on Patch Matching and Static Taint Analysis[J]. Netinfo Security, 2017, 17(9): 5-5.

图/表 8

参考文献 15

[1]	微软安全技术中心. Microsoft 安全公告 MS17-010 - 严重[EB/OL].https://technet.microsoft.com/zh-cn/library/security/MS17-010, 2016-5-10.
[2]	GAO Fengjuan, WANG Linzhang, LI Xuandong.BovInspector: Automatic Inspection and Repair of Buffer Overflow Vulnerabilities[C]//ACM.Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering, September 3-7, 2016. Singapore. New York: ACM, 2016: 786-791.
[3]	PADMANABHUNI B M, TAN H B K. Light-weight Rule-based Test Case Generation for Detecting Buffer Overflow Vulnerabilities[C]//IEEE.Automation of Software Test (AST), 2015 IEEE/ACM 10th International Workshop on, May 23-24, 2015. Florence, Italy. NJ: IEEE, 2015: 48-52.
[4]	DIETZ W, LI Peng, REGEHR J, et al.Understanding Integer Overflow in C/C++[C]//IEEE. Software Engineering (ICSE), 2012 34th International Conference on, June 2-9, 2012. Zurich, Switzerland.NJ:IEEE,2015: 2.
[5]	LAGUNA I, SCHULZ M.Pinpointing Scale-dependent Integer Overflow Bugs in Large-scale Parallel Applications[C]//IEEE.Proceedings of the International Conference for High Performance Computing, Networking, Storage and Analysis, November 13-18, 2016. Salt Lake City, Utah. NJ: IEEE, 2016: 216-227.
[6]	董鹏程, 舒辉, 康绯, 等. 基于动态二进制平台的缓冲区溢出过程分析[J]. 计算机工程, 2012, 38(6): 66-68.
[7]	SONG Yang, ZHANG Yuqing, SUN Yingfei.Automatic Vulnerability Locating in Binary Patches[C]// IEEE.International Conference on Computational Intelligence and Security, December 11-14, 2009. Beijing, China. NJ: IEEE, 2009:474-477.
[8]	黄克振, 连一峰, 陈恺, 等. 基于标志位差异分析的整数溢出漏洞溢出点定位方法[J]. 计算机科学, 2014, 41(12): 19-23.
[9]	肖海, 陈平, 茅兵, 等. 基于运行时类型分析的整形漏洞二进制检测和定位系统[J]. 计算机科学, 2011, 38(1): 140-144.
[10]	YAMAGUCHI F, MAIER A, GASCON H, et al.Automatic Inference of Search Patterns for Taint-style Vulnerabilities[C]//IEEE.Security and Privacy (SP), 2015 IEEE Symposium on. May 17-21, 2015.San Jose, CA,USA. NJ: IEEE, 2015: 797-812.
[11]	SHAHRIAR H, HADDAD H M, VAIDYA I.Buffer Overflow Patching for C and C++ Programs: Rule-based Approach[J]. ACM SIGAPP Applied Computing Review, 2013, 13(2): 8-19.
[12]	The MITRE Corporation. CWE[EB/OL]. , 2017-5-19.
[13]	王蕾, 李丰, 李炼, 等.污点分析技术的原理和实践应用[J].软件学报, 2017, 28(4):860-882.
[14]	WANG Xuefei, MA Hengtai, JING Lisha.A Dynamic Marking Method for Implicit Information Flow in Dynamic Taint Analysis[C]//ACM.Proceedings of the 8th International Conference on Security of Information and Networks, September 8-10, 2015. Sochi, Russia. New York: ACM, 2015: 275-282.
[15]	宋铮, 王永剑, 金波, 等.二进制程序动态污点分析技术研究综述[J].信息网络安全, 2016(3):77-83.

一种基于补丁比对和静态污点分析的漏洞定位技术研究

Research on a Vulnerability Location Technology Based on Patch Matching and Static Taint Analysis

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 15

相关文章 5

编辑推荐

Metrics

本文评价

[1]	王夏菁, 胡昌振, 马锐, 高欣竺. 二进制程序漏洞挖掘关键技术研究综述[J]. 信息网络安全, 2017, 17(8): 1-13.
[2]	彭建山, 奚琪, 王清贤. 二进制程序整型溢出漏洞的自动验证方法[J]. 信息网络安全, 2017, 17(5): 14-21.
[3]	宋铮, 王永剑, 金波, 林九川. 二进制程序动态污点分析技术研究综述[J]. 信息网络安全, 2016, 16(3): 77-83.
[4]	崔化良;兰芸;崔宝江. 动态污点分析技术在ActiveX控件漏洞挖掘上的应用[J]. , 2013, 13(12): 0-0.
[5]	文伟平;吴兴丽;蒋建春. 软件安全漏洞挖掘的研究思路及发展趋势[J]. , 2009, 9(10): 0-0.