信息网络安全 ›› 2022, Vol. 22 ›› Issue (3): 39-52.doi: 10.3969/j.issn.1671-1122.2022.03.005
收稿日期:
2021-12-22
出版日期:
2022-03-10
发布日期:
2022-03-28
通讯作者:
张熠哲
E-mail:995338514@qq.com
作者简介:
冯光升(1980—),男,山东,教授,博士,主要研究方向为网络技术与信息安全|张熠哲(1998—),男,江苏,硕士研究生,主要研究方向为网络技术与信息安全|孙嘉钰(1993—),男,河南,博士研究生,主要研究方向为5G/6G网络技术、网络安全、移动边缘计算|吕宏武(1983—),男,山东,副教授,博士,主要研究方向为网络技术与信息安全。
基金资助:
FENG Guangsheng, ZHANG Yizhe(), SUN Jiayu, LYU Hongwu
Received:
2021-12-22
Online:
2022-03-10
Published:
2022-03-28
Contact:
ZHANG Yizhe
E-mail:995338514@qq.com
摘要:
网络空间的安全形势日趋复杂,随着软件迭代的速度加快,安全漏洞的数量也呈爆炸式增长。过去依靠安全专家进行评估的方式在面对隐蔽且数量众多的漏洞时需要耗费巨大的人力物力,因此,如何高效地自动寻找软件漏洞、生成对应的漏洞报告并进行后续利用成为当今的一个热点研究方向。文章旨在对漏洞自动化利用的最新进展进行综述,首先提炼漏洞自动化利用的相关技术,然后介绍主流的漏洞自动化利用系统,最后分析总结了目前存在的问题并对未来的研究进行了展望。
中图分类号:
冯光升, 张熠哲, 孙嘉钰, 吕宏武. 计算机系统漏洞自动化利用研究关键技术及进展[J]. 信息网络安全, 2022, 22(3): 39-52.
FENG Guangsheng, ZHANG Yizhe, SUN Jiayu, LYU Hongwu. Key Technologies and Advances in the Research on Automated Exploitation of Computer System Vulnerabilities[J]. Netinfo Security, 2022, 22(3): 39-52.
表1
数据流与控制流劫持类漏洞利用自动生成的主要研究成果
研究成果 | 针对问题 | 主要贡献 |
---|---|---|
APEG | 针对如何自动搜索已发布补丁的程序中存在的漏洞问题 | 提出一种基于补丁的自动漏洞利用生成程序 |
AEG | 针对如何自动发现漏洞并对漏洞生成相关利用问题 | 提出一种全自动的端到端的自动生成利用方法,开发了一种新的预处理符号执行技术和路径优先级算法 |
CRAX | 针对AEG产生的exp可能会由于漏洞点和触发exp点的传播距离过远而失效问题 | 提出一种构建在新的符号执行平台上的自动化漏洞利用生成框架 |
Mayhem | 针对自动查找二进制程序中可利用漏洞问题 | 提出一种以高效且可扩展的方式自动查找二进制程序中可利用漏洞的工具,引入了一种新的混合符号执行方案,将现有符号执行技术(在线和离线)的优点结合到一个系统中,还介绍了基于索引的内存建模方法 |
AXGEN | 针对利用缓冲区溢出漏洞生成自动利用问题 | 提出第一种使用源自软件验证和程序分析的方法进行漏洞利用生成的工具 |
PolyAEG | 针对二进制程序中控制流劫持类漏洞的自动利用生成问题 | 提出一种通过多样化跳转指令和shellcode的组合来产生漏洞的方法 |
FlowStitch | 针对如何面向数据流生成自动利用问题 | 将数据流拼接概念化,提出一种通过一个内存错误将良性数据流组合到一个应用程序中从而系统化地构建面向数据的攻击方法 |
GuidExp | 针对语言虚拟机中漏洞的自动利用生成问题 | 构建一个引导(半自动)开发生成工具,其目标是语言虚拟机实现中的漏洞 |
表2
堆栈溢出漏洞的自动利用生成的主要研究成果
研究成果 | 针对问题 | 主要贡献 |
---|---|---|
Automated Exploit Generation for Stack Buffer Overflow Vulnerabilities | 针对堆栈缓冲区溢出漏洞自动生成利用问题 | 提出一种基于二进制代码符号执行来评估检测到的错误的方法 |
Modular Synthesis of Heap Exploits | 针对堆漏洞的自动利用生成问题 | 提出一种基于符号执行的模块化方法 |
Revery | 针对基于堆的漏洞自动利用生成问题 | 提出一种布局-贡献者有向图数据结构,以表征漏洞的内存布局及其贡献者指令,从而 实现许多与漏洞利用相关的分析 |
SHRIKE | 针对分析堆布局操作存在的漏洞自动利用生成问题 | 设计一个可以在PHP解释器上执行自动堆布局操作的系统,可用于构建控制流劫持漏洞,同时提出一种用于堆布局操作的伪随机黑框搜索算法 |
HeapHopper | 针对堆元数据处理时存在的漏洞进行自动利用生成问题 | 提出一种基于模型检查和符号执行的自动方法堆处理器,来分析在存在内存漏洞时堆实现的可利用性 |
Pangr | 针对二进制文件中存在的堆栈溢出漏洞 | 提出基于行为的漏洞检测建模,可以有效地对漏洞进行检测和分类 |
Gollum | 针对解释器中的堆溢出漏洞自动生成利用问题 | 提出一种纯灰盒方法来利用生成,引入了惰性解决的概念,描述了一种遗传算法来解决堆布局问题 |
ARCHEAP | 针对堆分配器元数据的利用技术自动生成利用问题 | 总结堆分配器共享的通用设计,并定义了利用的影响,可用于有效评估利用技术 |
HAEPG | 针对堆漏洞的自动利用生成问题 | 使用混合技术来构建堆交互模型并试图通过多跳方式实现漏洞利用的生成 |
MAZE | 针对堆布局的漏洞自动利用生成问题 | 提出一种新的自动化堆布局操作解决方案,能够为广泛的堆分配器生成复杂的堆布局,从而促进自动化开发生成 |
AngErza | 针对缓冲区溢出类漏洞的自动利用生成问题 | 提出一种基于angr的方法,使用动态符号执行来识别代码中的漏洞点,制定约束条件并基于这些约束生成有效利用 |
表3
Linux内核漏洞的自动利用生成方法的主要研究成果
研究成果 | 针对问题 | 主要贡献 |
---|---|---|
FUZE | 针对内核释放后使用(UAF)漏洞自动利用生成问题 | 设计一种在Linux系统中利用内核融合和符号执行来促进内核UAF利用生成的框架 |
KEPLER | 针对Linux内核使用控制流劫持原语创建漏洞问题 | 提出一种新的代码重用利用技术,将单一不适合的控制流劫持原语转换为任意ROP有效负载执行 |
SLAKE | 针对Linux内核的复杂性以及slab内存分配算法的不确定性问题 | 对常用的内核开发方法进行建模,设计一种利用静态/动态分析来识别对内核开发有用的内核对象和系统调用的方法 |
KOOBE | 针对Linux内核OOB漏洞自动生成利用问题 | 归纳利用Linux内核OOB漏洞的关键挑战,并设计一个有效的分析框架,提取该类型漏洞的内在特征 |
表4
Web注入类漏洞自动利用生成方法的主要研究成果
研究成果 | 针对问题 | 主要贡献 |
---|---|---|
QED | 针对XSS和SQL注入的自动利用生成问题 | 提出一种目标导向的模型检查系统,可利用大型 Java Web 应用程序中的基于污点的漏洞能力自动生成攻击 |
ARDILLA | 针对Web应用程序中的安全漏洞自动利用生成问题 | 提出一种用于创建SQLI和XSS攻击向量的全自动技术,同时提出一种象征性地跟踪数据库中受污染数据流的新方法 |
WAPTEC | 针对参数篡改漏洞的自动利用生成问题 | 提出一种将形式逻辑和约束求解、符号评估和动态分析相结合的方法 |
CRAXWeb | 针对Web应用程序中的自动利用生成问题 | 提出一种基于S2E测试方法的动态符号执行,同时提出了单路径并行模式及一些优化 |
CHAINSAW | 针对Web注入漏洞的识别和自动利用生成的改进问题 | 提出一种应用程序工作流、数据库模式和本地函数的精确模型,实现了高质量的利用自动生成 |
SUT | 针对SOAP通信的XML注入自动利用生成问题 | 比较4种不同的搜索算法,即标准遗传算法(SGA)、实编码遗传算法(RGA)、爬山算法(HC)和随机搜索算法(RS)并提出一种元启发式搜索算法 |
PrimGen | 针对网络浏览器的漏洞自动利用生成问题 | 提出一种方法来自动执行使浏览器崩溃的输入,以执行不同的利用原语 |
NAVEX | 针对Web应用程序的动态特性的利用自动生成问题 | 提出一种结合了由静态分析技术指导的动态分析方法,以自动识别漏洞并构建利用 |
表5
Android系统自动漏洞利用的主要研究成果
研究成果 | 针对问题 | 主要贡献 |
---|---|---|
LetterBomb | 针对Android应用程序中漏洞的自动利用生成问题 | 提出一种自动生成Android应用程序漏洞利用的方法,采用依赖于组合的基于路径敏感的符号执行的静态分析,以及软件检测技术和测试预言机 |
CENTAUR | 针对Android应用程序漏洞的分析与自动利用生成问题 | 提出一种基于Android系统构建符号执行器的创新架构,设计一个强大的算法,将执行上下文信息从Android迁移到符号执行器 |
EOEDroid | 针对Android系统中集成的嵌入浏览器中存在的漏洞的自动利用生成问题 | 提出一种新的方法,可以使用选择性符号执行和静态分析来自动检查给定的混合应用程序中的事件处理程序 |
Mingsong Zhou等 | 针对Android程序的功能泄露的自动利用生成问题 | 提出一种基于路径敏感符号执行的工具,它可以自动生成功能泄露的静态分析和测试 |
表6
安全机制自动化对抗方法的主要研究成果
研究成果 | 针对问题 | 主要贡献 |
---|---|---|
Q | 针对数据执行保护和地址随机化导致的漏洞利用困难问题 | 针对控制流劫持类漏洞,提出了一种通过从少量非随机代码中自动创建ROP有效负载的新技术 |
DOP | 针对内存中非控制数据流的自动利用生成问题 | 提出了一种面向数据的编程(DOP)方法,这是一种针对脆弱程序构建图灵完全非控制数据攻击的通用方法 |
BOPC | 针对高级CFI和影子堆栈等控制流劫持防御的自动利用生成问题 | 提出了SPL,一种可以访问虚拟寄存器的语言,以及一个用于调用操作系统和其他库函数的API,适用于编写漏洞利用负载,开发了一个跟踪模块,允许使用目标二进制文件的代码执行以SPL编写的任意有效负载 |
R2dlAEG | 针对Return-to-dl-resolve方法需要手工生成漏洞利用问题 | 提出了一种基于符号执行的Return-to-dl-resolve自动化实现方法 |
[1] | CADAR C, GODEFROID P, KHURSHID S, et al. Symbolic Execution for Software Testing in Practice: Preliminary Assessment [C]// IEEE. 2011 33rd International Conference on Software Engineering (ICSE), May 21-28, 2011, Honolulu, HI, USA. New York: IEEE, 2011: 1066-1071. |
[2] | SCHWARTZ E J, AVGERINOS T, BRUMLEY D. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask) [C]//IEEE. 2010 IEEE Symposium on Security and Privacy, May 16-19, 2010, Oakland, CA, USA. New York: IEEE, 2010: 317-331. |
[3] | YE Zhibin, YAN Bo. Survey of Symbolic Execution[J]. Computer Science, 2018, 45(S1):28-35. |
叶志斌, 严波. 符号执行研究综述[J]. 计算机科学, 2018, 45(S1):28-35. | |
[4] | CADAR C, DUNBAR D, ENGLER D R. Klee: Unassisted and Automatic Generation of High-coverage Tests for Complex Systems Programs[EB/OL]. https://www.researchgate.net/publication/220851853_KLEE_Unassisted_and_Automatic_Generation_of_High-Coverage_Tests_for_Complex_Systems_Programs, 2008-12-10. |
[5] | BURNIM J, SEN K. Heuristics for Scalable Dynamic Test Generation [C]//IEEE. 23rd IEEE/ACM International Conference on Automated Software Engineering (ASE 2008), September 15-19,2008, L'Aquila, Italy. New York: IEEE, 2008: 443-446. |
[6] | SEN K, AGHA G. CUTE and jCUTE: Concolic Unit Testing and Explicit Path Model-checking Tools [C]//CAV. 18th International Conference on Computer Aided Verification, August 17-20, 2006, Seattle, WA, USA. Heidelberg: Springer, 2006: 419-423. |
[7] | BOONSTOPPEL P, CADAR C, ENGLER D. RWset: Attacking Path Explosion in Constraint-based Test Generation [C]//TACAS. 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, March 29-April 6, 2008, Hungary, Budapest. Heidelberg: Springer, 2008: 351-366. |
[8] | GODEFROID P. Compositional Dynamic Test Generation [C]//ACM. Proceedings of the 34th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, January 17-19, 2007, Nice, France. New York: ACM, 2007: 47-54. |
[9] | KUZNETSOV V, KINDER J, BUCUR S, et al. Efficient State Merging in Symbolic Execution[J]. ACM Sigplan Notices, 2012, 47(6):193-204. |
[10] | AVGERINOS T, REBERT A, CHA S K, et al. Enhancing Symbolic Execution with Veritesting [C]//ACM. Proceedings of the 36th International Conference on Software Engineering, May 31- June 7, 2014, Hyderabad, India. New York: ACM, 2014: 1083-1094. |
[11] | MARINESCU P D, CADAR C. Make Test-zesti: A Symbolic Execution Solution for Improving Regression Testing [C]//IEEE. 2012 34th International Conference on Software Engineering (ICSE), June 2-9, 2012, Zurich, Switzerland. New York: IEEE, 2012: 716-726. |
[12] | ENGLER D, DUNBAR D. Under-constrained Execution: Making Automatic Code Destruction Easy and Scalable [C]//ACM. ISSTA07: Proceedings of the 2007 International Symposium on Software Testing and Analysis, July 9-12, 2007, London, United Kingdom. New York: ACM, 2007: 1-4. |
[13] | RAMOS D A, ENGLER D. Under-constrained Symbolic Execution: Correctness Checking for Real Code [C]//USENIX. SEC’15: Proceedings of the 24th USENIX Conference on Security Symposium, August 12-14, 2015, Washington, D.C., USA. Berkeley: USENIX Association, 2015: 49-64. |
[14] | ZOU Quanchen, ZHANG Tao, WU Runpu, et al. From Automation to Intelligence: Survey of Research on Vulnerability Discovery Techniques[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(12):1079-1094. |
邹权臣, 张涛, 吴润浦, 等. 从自动化到智能化:软件漏洞挖掘技术进展[J]. 清华大学学报(自然科学版), 2018, 58(12):1079-1094. | |
[15] |
BORRALLERAS C, LUCAS S, OLIVERAS A, et al. SAT Modulo Linear Arithmetic for Solving Polynomial Constraints[J]. Journal of Automated Reasoning, 2012, 48(1):107-131.
doi: 10.1007/s10817-010-9196-8 URL |
[16] | ARMANDO A, BONACINA M P, RANISE S, et al. New Results on Rewrite-based Satisfiability Procedures[J]. ACM Transactions on Computational Logic (TOCL), 2009, 10(1):1-51. |
[17] | CIMATTI A, GRIGGIO A, SCHAAFSMA B J, et al. The MathSat5 SMT Solver [C]//TACAS. Proceedings of the 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, March 16-24, 2013, Rome, Italy. Heidelberg: Springer, 2013: 93-107. |
[18] | JHA S, LIMAYE R, SESHIA S A. Beaver: Engineering an Efficient SMT Solver for Bit-vector Arithmetic [C]//CAV. 21st International Conference on Computer Aided Verification, June 26-July 2, 2009, Grenoble, France. Heidelberg: Springer, 2009: 668-674. |
[19] |
KHANH T V, OGAWA M. SMT for Polynomial Constraints on Real Numbers[J]. Electronic Notes in Theoretical Computer Science, 2012, 289(1):27-40.
doi: 10.1016/j.entcs.2012.11.004 URL |
[20] |
SEN K, MARINOV D, AGHA G. CUTE: A Concolic Unit Testing Engine for C[J]. ACM SIGSOFT Software Engineering Notes, 2005, 30(5):263-272.
doi: 10.1145/1095430.1081750 URL |
[21] | CADAR C, DUNBAR D, ENGLER D R. Klee: Unassisted and Automatic Generation of High-coverage Tests for Complex Systems Programs [C]//OSDI. 8th USENIX Symposium on Operating Systems Design and Implementation, December 8-10, 2008, San Diego, California, USA. New York: ACM, 2008: 209-224. |
[22] | VISSER W, GELDENHUYS J, DWYER M B. Green: Reducing, Reusing and Recycling Constraints in Program Analysis [C]//ACM. Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, November 11-16, 2012, Cary, North Carolina, USA. New York: ACM, 2012: 1-11. |
[23] | AQUINO A, BIANCHI F A, CHEN M, et al. Reusing Constraint Proofs in Program Analysis [C]//SIGSOFT. Proceedings of the 2015 International Symposium on Software Testing and Analysis, July 13-17, 2015, Baltimore, MD, USA. New York: ACM, 2015: 305-315. |
[24] | JIA Xiangyang, GHEZZI C, YING Shi. Enhancing Reuse of Constraint Solutions to Improve Symbolic Execution [C]//ACM. Proceedings of the 2015 International Symposium on Software Testing and Analysis, July 13-17, 2015, Baltimore, MD, USA. New York: ACM, 2015: 177-187. |
[25] | YANG Guowei, JIA Xiangyang, PĂSĂREANU C S, KHURSHID S. Memoized Symbolic Execution [C]//ACM. Proceedings of the 2012 International Symposium on Software Testing and Analysis, July 15-20, 2012, Minneapolis, MN, USA. New York: ACM, 2012: 144-154. |
[26] |
ZHANG Xiong, LI Zhoujun. Survey of Fuzz Testing Technology[J]. Computer Science, 2016, 43(5):1-8, 26.
doi: 10.1063/1.31301 URL |
张雄, 李舟军. 模糊测试技术研究综述[J]. 计算机科学, 2016, 43(5):1-8,26. | |
[27] |
LI Jun, ZHAO Bodong, ZHANG Chao. Fuzzing: A Survey[J]. Cybersecurity, 2018, 1(1):1-13.
doi: 10.1186/s42400-018-0005-8 URL |
[28] |
SU Y K, CHA S, BAE D H. Automatic and Lightweight Grammar Generation for Fuzz Testing[J]. Computers & Security, 2013, 36(6):1-11.
doi: 10.1016/j.cose.2013.02.001 URL |
[29] | DE RUITER J, POLL E. Protocol State Fuzzing of TLS Implementations [C]//USENIX. SEC’15: Proceedings of the 24th USENIX Conference on Security Symposium, August 12-14, 2015, Washington, D.C., USA. Berkeley: USENIX Association, 2015: 193-206. |
[30] | MCNALLY R, YIU K, GROVE D, et al. Fuzzing: the State of the Art[R]. Edinburgh (Australia): Defence Science and Technology Organisation Edinburgh, DSTO-TN-1043, 2012. |
[31] | JIN Tong. Optimization Strategy Based on Directed Fuzzing[J]. Digital Technology & Application, 2021, 39(3):81-83. |
金童. 基于导向性漏洞挖掘的优化策略[J]. 数字技术与应用, 2021, 39(3):81-83. | |
[32] | WANG Chenxin, KANG Shunyao. ADFL: an Improved Algorithm for American Fuzzy Lop in Fuzz Testing [C]//ACM. International Conference on Cloud Computing and Security, June 8-10, 2018, Haikou, China. Heidelberg: Springer, 2018: 27-36. |
[33] |
BOEHME M, CADAR C, ROYCHOUDHURY A. Fuzzing: Challenges and Reflections[J]. IEEE Software, 2021, 38(3):79-86.
doi: 10.1109/MS.2020.3016773 URL |
[34] | CHAO W C, LIN S C, CHEN Y H, et al. Design and Implement Binary Fuzzing Based on Libfuzzer [C]//IEEE. 2018 IEEE Conference on Dependable and Secure Computing (DSC), December 10-13, 2018, Kaohsiung, Taiwan, China. New York: IEEE, 2018: 1-2. |
[35] | GAN Shuitao, ZHANG Chao, QIN Xiaojun, et al. CollAFL: Path Sensitive Fuzzing [C]//IEEE. 2018 IEEE Symposium on Security and Privacy (SP), May 20-24, 2018, San Francisco, CA, USA. New York: IEEE, 2018: 679-696. |
[36] | RAWAT S, JAIN V, KUMAR A, et al. VUzzer: Application-aware Evolutionary Fuzzing [C]//NDSS. The Network and Distributed System Security (NDSS) Symposium 2017, February 26-March 1, 2017, San Diego, California, USA. San Diego: NDSS, 2017: 1-14. |
[37] | BIYANI A, SHARMA G, AGHAV J, et al. Extension of SPIKE for Encrypted Protocol Fuzzing [C]//IEEE. 2011 Third International Conference on Multimedia Information Networking and Security, November 4-6, 2011, Shanghai, China. New York: IEEE, 2011: 343-347. |
[38] | HODOVÁN R, KISS Á, GYIMÓTHY T. Grammarinator: a Grammar-based Open Source Fuzzer [C]//ACM. Proceedings of the 9th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation, November 5, 2018, Lake Buena Vista, FL, USA. New York: ACM, 2018: 45-48. |
[39] | ZHANG Hua, ZHANG Zhao, TANG Wen. Improve Peach: Making Network Protocol Fuzz Testing More Precisely[EB/OL]// https://www.scientific.net/AMM.551.642, 2014-05-10. |
[40] | WANG Junjie, CHEN Bihuan, WEI Lei, et al. Skyfire: Data-driven Seed Generation for Fuzzing [C]//IEEE. 2017 IEEE Symposium on Security and Privacy (SP), May 22-26, 2017, San Jose, CA, USA. New York: IEEE, 2017: 579-594. |
[41] | REN Yuzhu, ZHANG Youwei, AI Chengwei. Survey on Taint Analysis Technology[J]. Journal of Computer Applications, 2019, 39(8):2302-2309. |
任玉柱, 张有为, 艾成炜. 污点分析技术研究综述[J]. 计算机应用, 2019, 39(8):2302-2309. | |
[42] | WANG Lei, LI Feng, LI Lian, et al. Principle and Practice of Taint Analysis[J]. Journal of Software, 2017, 28(4):860-882. |
王蕾, 李丰, 李炼, 等. 污点分析技术的原理和实践应用[J]. 软件学报, 2017, 28(4):860-882. | |
[43] | NI Yuandong, ZHANG Chao, YIN Tingting. A Survey of Smart Contract Vulnerability Research[J]. Journal of Cyber Security, 2020, 5(3):78-99. |
[44] | AVGERINOS T, CHA S K, REBERT A, et al. Automatic Exploit Generation[J]. Communications of the ACM, 2014, 57(2):74-84. |
[45] | HUANG S K, HUANG M H, HUANG P Y, et al. Crax: Software Crash Analysis for Automatic Exploit Generation by Modeling Attacks as Symbolic Continuations [C]//IEEE. 2012 IEEE Sixth International Conference on Software Security and Reliability Companion, June 20-22, 2012, Gaithersburg, MD, USA. New York: IEEE, 2012: 78-87. |
[46] | CHA S K, AVGERINOS T, REBERT A, et al. Unleashing Mayhem on Binary Code [C]//IEEE. Proceedings of the 2012 IEEE Symposium on Security and Privacy, May 20-25, 2012, Washington, D.C., USA. New York: IEEE Computer Society, 2012: 380-394. |
[47] | LI Minglei, LU Yuliang, HUANG Hui, et al. Research on Automatic Exploitation of House of Spirit Heap Overflow Vulnerability [C]//IEEE. 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), June 12-14, 2020, Chongqing, China. New York: IEEE, 2020: 751-757. |
[48] | WANG Minghua, SU Purui, LI Qi, et al. Automatic Polymorphic Exploit Generation for Software Vulnerabilities [C]//Springer. International Conference on Security and Privacy in Communication Systems, September 25-28, 2013, Sydney, NSW, Australia. Heidelberg: Springer, 2013: 216-233. |
[49] | HU H, CHUA Z L, ADRIAN S, et al. Automatic Generation of Data-oriented Exploits [C]//ACM. Proceedings of the 24th USENIX Conference on Security Symposium, August 12-14, 2015, Washington, D.C., USA. New York: USENIX Association, 2015: 177-192. |
[50] | YILMAZ F, SRIDHAR M, CHOI W. Guide Me to Exploit: Assisted ROP Exploit Generation for ActionScript Virtual Machine [C]//ACM. Annual Computer Security Applications Conference, December 7-11, 2020, Austin, Texas, USA. New York: ACM, 2020: 386-400. |
[51] |
PADARYAN V A, KAUSHAN V V, FEDOTOV A N. Automated Exploit Generation for Stack Buffer Overflow Vulnerabilities[J]. Programming and Computer Software, 2015, 41(6):373-380.
doi: 10.1134/S0361768815060055 URL |
[52] | CHEN Yueqi, LIN Zhenpeng, XING Xinyu. A Systematic Study of Elastic Objects in Kernel Exploitation [C]//ACM. Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, November 9-13, 2020, Virtual Event, USA. New York: ACM, 2020: 1165-1184. |
[53] | WANG Yan, ZHANG Chao, XIANG Xiaobo, et al. Revery: From Proof-of-concept to Exploitable [C]//ACM. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, October 15-19, 2018, Toronto, Ontario, Canada. New York: ACM, 2018: 1914-1927. |
[54] | HEELAN S, MELHAM T, KROENING D. Automatic Heap Layout Manipulation for Exploitation [C]//USENIX. Proceedings of the 27th USENIX Conference on Security Symposium, August 15-17, 2018, Baltimore, MD, USA. Berkeley: USENIX Association, 2018: 763-779. |
[55] | ECKERT M, BIANCHI A, WANG R, et al. HEAPHOPPER: Bringing Bounded Model Checking to Heap Implementation Security [C]//USENIX. Proceedings of the 27th USENIX Conference on Security Symposium, August 15-17, 2018, Baltimore, MD, USA. Berkeley: USENIX Association, 2018: 99-116. |
[56] | LIU Danjun, WANG Jingyuan, RONG Zeling, et al. Pangr: A Behavior-based Automatic Vulnerability Detection and Exploitation Framework [C]//IEEE. 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), August 1-3, 2018, New York, NY, USA. New York: IEEE, 2018: 705-712. |
[57] | HEELAN S, MELHAM T, KROENING D. Gollum: Modular and Greybox Exploit Generation for Heap Overflows in Interpreters [C]//ACM. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, November 11-15, 2019, London, United Kingdom. New York: ACM, 2019: 1689-1706. |
[58] | YUN I, KAPIL D, KIM T. Automatic Techniques to Systematically Discover New Heap Exploitation Primitives [C]//USENIX. 29th USENIX Security Symposium, August 12-14, 2020, Virtual Event, USA. New York: ACM, 2020: 1111-1128. |
[59] | ZHAO Zixuan, WANG Yan, GONG Xiaorui. HAEPG: An Automatic Multi-hop Exploitation Generation Framework [C]//German Informatics Society (GI). International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, June 24-26, 2020, Lisbon, Portugal. Heidelberg: Springer, 2020: 89-109. |
[60] | WANG Yan, ZHANG Chao, ZHAO Zixuan, et al. MAZE: Towards Automated Heap Feng Shui[EB/OL]. https://www.usenix.net/system/files/sec21fall-wang-yan.pdf, 2021-08-12. |
[61] | DIXIT S, GEETHNA T K, JAYARAMAN S, et al. AngErza: Automated Exploit Generation [C]//IEEE. 2021 12th International Conference on Computing Communication and Networking Technologies (ICCCNT), July 6-8, 2021, Kharagpur, India. New York: IEEE, 2021: 1-6. |
[62] | WU Wei, CHEN Yueqi, XU Jun, et al. FUZE: Towards Facilitating Exploit Generation for Kernel Use-after-free Vulnerabilities [C]//USENIX. 27th USENIX Security Symposium, August 15-17, 2018, Baltimore, MD, USA. New York: ACM, 2018: 781-797. |
[63] | WU Wei, CHEN Yueqi, XING Xinyu, et al. KEPLER: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities [C]//USENIX. Proceedings of the 28th USENIX Conference on Security Symposium, August 14-16, Santa Clara, CA, USA. Berkeley: USENIX Association, 2019: 1187-1204. |
[64] | CHEN Yueqi, XING Xinyu. Slake: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel [C]//ACM. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, November 11-15, 2019, London, United Kingdom. New York: ACM, 2019: 1707-1722. |
[65] | CHEN Weiteng, ZOU Xiaocheng, LI Guoren, et al. KOOBE: Towards Facilitating Exploit Generation of Kernel Out-of-bounds Write Vulnerabilities[C]//USENIX. 29th USENIX Security Symposium, August 12-14, 2020, Virtual Event, USA. New York: ACM, 2020: 1093-1110. |
[66] | SHEN Shuaiqi, ZHANG Kuan, ZHOU Yi, et al. Security in Edge-assisted Internet of Things: Challenges and Solutions[J]. Science China Information Sciences, 2020, 63(12):1-14. |
[67] | FALANA O J, EBO I O, TINUBU C O, et al. Detection of Cross-site Scripting Attacks Using Dynamic Analysis and Fuzzy Inference System [C]//IEEE. 2020 International Conference in Mathematics, Computer Engineering and Computer Science (ICMCECS), March 18-21, 2020, Ayobo, Nigeria. New York: IEEE, 2020: 1-6. |
[68] | ZHANG Bing, LI Jingyue, REN Jiadong, et al. Efficiency and Effectiveness of Web Application Vulnerability Detection Approaches: A Review[EB/OL]. https://dl.acm.org/doi/10.1145/3474553, 2021-10-08. |
[69] | HUANG S K, LU H L, LEONG W M, et al. Craxweb: Automatic Web Application Testing and Attack Generation [C]//IEEE. Proceedings of the 2013 IEEE 7th International Conference on Software Security and Reliability, June 18-20, 2013, Gaithersburg, MD, USA. New York: IEEE, 2013: 208-217. |
[70] | ALHUZALI A, ESHETE B, GJOMEMO R, et al. Chainsaw: Chained Automated Workflow-based Exploit Generation [C]//ACM. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, October 24-28, 2016, Vienna, Austria. New York: ACM, 2016: 641-652. |
[71] |
JAN S, PANICHELLA A, ARCURI A, et al. Automatic Generation of Tests to Exploit XML Injection Vulnerabilities in Web Applications[J]. IEEE Transactions on Software Engineering, 2017, 45(4):335-362.
doi: 10.1109/TSE.32 URL |
[72] | GARMANY B, STOFFEL M, GAWLIK R, et al. Towards Automated Generation of Exploitation Primitives for Web Browsers [C]//ACSAC. Proceedings of the 34th Annual Computer Security Applications Conference, December 3-7, 2018, San Juan, PR, USA. New York: ACM, 2018: 300-312. |
[73] | ALHUZALI A, GJOMEMO R, ESHETE B, et al. NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications [C]//USENIX. Proceedings of the 27th USENIX Conference on Security Symposium, August 15-17, 2018, Baltimore, MD, USA. Berkeley: USENIX Association, 2018: 377-392. |
[74] | GARCIA J, HAMMAD M, GHORBANI N, et al. Automatic Generation of Inter-component Communication Exploits for Android Applications [C]//ACM. Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, September 4-8, 2017, Paderborn, Germany. New York: ACM, 2017: 661-671. |
[75] | LUO Lannan, ZENG Qiang, CAO Chen, et al. System Service Call-oriented Symbolic Execution of Android Framework with Applications to Vulnerability Discovery and Exploit Generation [C]//ACM. Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services, June 19-23, 2017, Niagara Falls, New York, USA. New York: ACM, 2017: 225-238. |
[76] | YANG Guangliang, HUANG J, GU Guofei. Automated Generation of Event-oriented Exploits in Android Hybrid Apps[EB/OL]. https://www.ndss-symposium.org/wp-content/uploads/2018/02/ndss2018_04B-3_Yang_paper.pdf, 2018-02-20. |
[77] | ZHOU Mingsong, ZENG Fanping, ZHANG Yu, et al. Automatic Generation of Capability Leaks’ Exploits for Android Applications [C]//IEEE. 2019 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW), April 22-23, 2019, Xi’an, China. New York: IEEE, 2019: 291-295. |
[78] | SU Purui, HUANG Huafeng, YU Yuanping, et al. Summary of Research on Software Vulnerability Auto Exploit[J]. Journal of Guangzhou University (Natural Science Edition), 2019, 18(3):52-58. |
苏璞睿, 黄桦烽, 余媛萍, 等. 软件漏洞自动利用研究综述[J]. 广州大学学报(自然科学版), 2019, 18(3):52-58. | |
[79] | SCHWARTZ E J, AVGERINOS T, BRUMLEY D. Q: Exploit Hardening Made Easy[EB/OL]. https://www.usenix.org/legacy/event/sec11/tech/full_papers/Schwartz.pdf, 2011-08-08. |
[80] | HU Hong, SHINDE S, ADRIAN S, et al. Data-oriented Programming: on the Expressiveness of Non-control Data Attacks [C]//IEEE. 2016 IEEE Symposium on Security and Privacy (SP), May 22-26, 2016, San Jose, CA, USA. New York: IEEE, 2016: 969-986. |
[81] | ISPOGLOU K K, ALBASSAM B, JAEGER T, et al. Block Oriented Programming: Automating Data-only Attacks [C]//ACM. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, October 15-19, 2018, Toronto, Ontario, Canada. New York: ACM, 2018: 1868-1882. |
[82] | FANG Hao, FEN Wenbo, FU Menglin. An Automatic Exploit Generation Method Based on Symbolic Execution [C]//IMCCC. 2018 Eighth International Conference on Instrumentation & Measurement, Computer, Communication and Control (IMCCC), July 19-21, 2018, Harbin, China. New York: IEEE, 2018: 437-444. |
[1] | 刘红, 谢永恒, 王国威, 蒋帅. 基于跨领域本体的信息安全分析[J]. 信息网络安全, 2020, 20(9): 82-86. |
[2] | 郭启全, 张海霞. 关键信息基础设施安全保护技术体系[J]. 信息网络安全, 2020, 20(11): 1-9. |
[3] | 刘延华, 高晓玲, 朱敏琛, 苏培煌. 基于数据特征学习的网络安全数据分类方法研究[J]. 信息网络安全, 2019, 19(10): 50-56. |
[4] | 王友俊, 张红旗, 王津, 王凝. 面向任务的网络空间故障定位模型[J]. 信息网络安全, 2017, 17(4): 61-70. |
[5] | 王绍节, 龙春, 万巍, 赵静. 基于网络空间安全实时数据的HDFS小文件问题研究[J]. 信息网络安全, 2017, 17(10): 81-85. |
[6] | 赵艳玲. 美国改变网络空间安全游戏规则的新理念与新技术[J]. 信息网络安全, 2015, 15(9): 50-53. |
[7] | 陈华山, 皮兰, 刘峰, 林东岱. 网络空间安全科学基础的研究前沿及发展趋势[J]. 信息网络安全, 2015, 15(3): 1-5. |
[8] | 李战宝, 张文贵. 网络抗压能力是网络空间安全发展的新理念[J]. 信息网络安全, 2014, 14(9): 76-79. |
[9] | 关通, 任馥荔, 文伟平, 张浩. 基于Windows的软件安全典型漏洞利用策略探索与实践[J]. 信息网络安全, 2014, 15(11): 59-65. |
[10] | . 基于 Windows 的软件安全典型漏洞利用策略探索与实践[J]. , 2014, 14(11): 59-. |
[11] | 曹金璇;王任华;李思其;徐云峰. 网络谣言传播机理与治理对策[J]. , 2013, 13(12): 0-0. |
[12] | 张立武. 网络信任体系发展趋势研究[J]. , 2011, 11(7): 0-0. |
[13] | 张文贵;彭博;潘卓. 美国《国家网络安全综合计划(CNCI)》综述[J]. , 2010, (9): 0-0. |
[14] | 张文贵;彭博. 美国等西方国家加紧抢占网络空间制高点[J]. , 2010, (10): 0-0. |
[15] | 蔡翠红. 美国国家信息安全战略的演变与评价[J]. , 2010, (1): 0-0. |
阅读次数 | ||||||
全文 |
|
|||||
摘要 |
|
|||||