Netinfo Security (信息网络安全) ›› 2024, Vol. 24 ›› Issue (10): 1493-1505. doi: 10.3969/j.issn.1671-1122.2024.10.003

• Selected Papers •

Vulnerability Causation Analysis Technique Based on Dynamic Execution Logs and Reverse Analysis

SHEN Qintao 1, LIANG Ruigang 1, WANG Baolin 2, ZHANG Jingcheng 2, CHEN Kai 1

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China
    2. Beijing Xiaomi Mobile Software Co., Ltd., Beijing 100089, China
  • Received: 2024-05-16 Online: 2024-10-10 Published: 2024-09-27
  • Corresponding author: LIANG Ruigang, liangruigang@iie.ac.cn
  • About the authors:
    SHEN Qintao (born 1993), male, from Henan, Ph.D. candidate; main research interest: software security analysis
    LIANG Ruigang (born 1992), male, from Gansu, senior engineer, Ph.D., CCF member; main research interests: software and system security, AI security
    WANG Baolin (born 1985), male, from Sichuan, engineer; main research interest: system vulnerability discovery and remediation
    ZHANG Jingcheng (born 1995), male, from Liaoning; main research interests: system security hardening, privacy protection
    CHEN Kai (born 1982), male, from Jiangsu, research professor, Ph.D., CCF member; main research interests: software and system security, AI security
  • Funding:
    National Natural Science Foundation of China (62302497); National Natural Science Foundation of China (62302498); National Natural Science Foundation of China (92270204)

Vulnerability Causation Analysis Based on Dynamic Execution Logging and Reverse Analysis

SHEN Qintao 1, LIANG Ruigang 1, WANG Baolin 2, ZHANG Jingcheng 2, CHEN Kai 1

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China
    2. Beijing Xiaomi Mobile Software Co., Ltd., Beijing 100089, China
  • Received: 2024-05-16 Online: 2024-10-10 Published: 2024-09-27

Abstract (translated from the Chinese):

Software vulnerabilities pose a serious threat to software security, and every year security incidents caused by software vulnerabilities occur around the world. In practice, however, because developers' security awareness is insufficient and code and business logic keep growing more complex, security vulnerabilities in software code are hard to avoid. Targeting the difficulties faced by existing methods, namely inaccurate localization of faulty code and low analysis efficiency, this paper overcomes the challenges of acquiring and reverse-analyzing instruction runtime information and of accurately locating faulty code, and proposes a method for locating the cause of program errors based on trace logs and reverse execution. The method tracks the program's code execution flow, records the register state and memory access state of each instruction at runtime, and analyzes the set of instructions that generate, use and compute the pointer value associated with the pointer that triggered the execution error, thereby achieving efficient and accurate vulnerability causation analysis and localization.

Keywords: dynamic execution log, reverse analysis, vulnerability causation analysis

Abstract:

Software vulnerabilities pose a great threat to software security, and numerous security incidents caused by them occur around the world every year. However, in the actual development process, because of developers' insufficient security awareness and the increasing complexity of code and business logic, security vulnerabilities in software code are difficult to avoid. Aiming at the inaccurate error-code positioning and inefficient analysis of existing methods, this paper overcomes the challenges of obtaining and reverse-analyzing instruction runtime information and of accurately positioning the faulty code, and proposes a method for locating the cause of program errors based on trace logs and reverse execution. The method tracks the code execution flow of the program, records the register state and storage (memory) access state of each instruction at runtime, analyzes the set of instructions that generate, use and compute the pointer value associated with the pointer that triggered the execution error, and thereby achieves efficient and accurate vulnerability cause analysis and localization.

Key words: dynamic execution log, reverse analysis, vulnerability causation analysis
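As an added illustration of the reverse-analysis step the abstract describes (this is not code from the paper), the following Python walks a constructed per-instruction trace log backwards from the faulting dereference and collects the instructions that generated, computed or moved the bad pointer. The log format, the register and memory-cell names and the sample trace are assumptions made for this example; the algorithm is a standard backward dynamic data-flow slice, not necessarily the paper's exact procedure.

```python
# Added illustration (not the paper's code): backward data-flow slice over a
# constructed per-instruction trace log, the kind of "reverse analysis" the
# abstract describes. Each log entry records which locations an instruction
# wrote (defs) and read (uses); memory cells are keyed by their address.
from dataclasses import dataclass

@dataclass(frozen=True)
class TraceEntry:
    idx: int
    insn: str            # disassembly text, kept only for the report
    defs: frozenset      # locations written, e.g. {"rax"} or {"mem:0x7ffe08"}
    uses: frozenset      # locations read

def backward_pointer_slice(trace, fault_loc):
    """Starting at the crash, walk the log backwards and collect every
    instruction that generated, computed or moved the value now sitting in
    `fault_loc` (the register holding the bad pointer). Returns indices."""
    wanted = {fault_loc}
    hits = []
    for e in reversed(trace):
        produced = e.defs & wanted
        if not produced:
            continue            # wrote nothing we are tracing
        hits.append(e.idx)
        wanted -= produced      # this instruction explains that value...
        wanted |= e.uses        # ...so chase its inputs further back
    return sorted(hits)

def _e(idx, insn, defs=(), uses=()):
    return TraceEntry(idx, insn, frozenset(defs), frozenset(uses))

# Constructed trace: a pointer is loaded, adjusted, spilled to the stack,
# the register is clobbered, the pointer is reloaded and dereferenced, and
# the dereference faults. Address-forming registers (rbp) are omitted for
# brevity; the slice follows value flow only, through memory as well.
SAMPLE_TRACE = [
    _e(0, "mov rax, [rbp-0x10]", defs=["rax"], uses=["mem:0x7ffe10"]),
    _e(1, "mov rbx, 0x10",       defs=["rbx"]),
    _e(2, "add rax, rbx",        defs=["rax"], uses=["rax", "rbx"]),
    _e(3, "mov rcx, 5",          defs=["rcx"]),                   # unrelated
    _e(4, "mov [rbp-0x18], rax", defs=["mem:0x7ffe08"], uses=["rax"]),
    _e(5, "xor rax, rax",        defs=["rax"]),                   # clobber after spill
    _e(6, "mov rdi, [rbp-0x18]", defs=["rdi"], uses=["mem:0x7ffe08"]),
    _e(7, "mov edx, [rdi]",      defs=["edx"], uses=["rdi"]),     # faults here
]

def report(trace=SAMPLE_TRACE, fault_loc="rdi"):
    """Disassembly of the instructions in the slice, in execution order."""
    return [trace[i].insn for i in backward_pointer_slice(trace, fault_loc)]
```

Because the log records memory accesses and not only registers, the slice follows the pointer through its stack spill and correctly skips the later `xor rax, rax` clobber and the unrelated `mov rcx, 5`.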

CLC number: