
Automatic Software Vulnerability Discovery and Exploit Under Limited Resource Conditions

Huang Huafeng, Wang Jiajie, Yang Yi, Su Purui, Nie Chujiang, Xin Wei

Citation: Huang Huafeng, Wang Jiajie, Yang Yi, Su Purui, Nie Chujiang, Xin Wei. Automatic Software Vulnerability Discovery and Exploit Under the Limited Resource Conditions[J]. Journal of Computer Research and Development, 2019, 56(11): 2299-2314. DOI: 10.7544/issn1000-1239.2019.20190341. CSTR: 32373.14.issn1000-1239.2019.20190341


Funding: National Natural Science Foundation of China (U1736209, U1636115, U1836117, U1836113, 61572483)
  • CLC number: TP311


  • Abstract: Vulnerabilities are the core element of system security and of attack-defense confrontation, and their automatic discovery, analysis and exploitation have long been a hot and difficult research topic. Existing work concentrates on fuzzing, taint analysis and symbolic execution. On one hand, current research proposes separate solutions for the individual stages of discovery, analysis and exploitation and lacks a systematic study and implementation; on the other hand, these methods do not take the limited resources of real environments into account: fuzzing is mostly run on large server clusters, while taint analysis and symbolic execution have high time and space complexity and are prone to state explosion. Targeting automatic vulnerability discovery and exploitation under limited resources, this paper establishes Weak-Tainted, a program runtime vulnerability model, and proposes a complete pipeline for automatic vulnerability discovery, analysis and exploit generation. It proposes analysis schemes suited to limited resources, including an optimization of taint propagation analysis and an input-solving method driven by output-feature feedback, which improve the capability of vulnerability discovery, analysis and exploit generation. A prototype system for automatic vulnerability discovery and exploitation was implemented; a single server can run 25 discovery and analysis tasks concurrently. In comparative experiments on samples from the 2018 BCTF competition, the input-solving method outperforms ANGR at solving atoi, hex and base64 encodings, discovery efficiency is 45.7% higher than AFL at equal discovery capability, and exploits are generated automatically for 24 of the 50 tested samples, confirming the advantages of the Weak-Tainted vulnerability description model for automatic vulnerability discovery and exploit generation.
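The abstract reports that the paper's output-feature-feedback input solving outperforms ANGR on atoi, hex and base64 encodings. The Python sketch below is an added illustration, not code from the paper or its prototype, of the problem that claim refers to: a target program pushes attacker input through a decoder before comparing it with a constant, and a solver that can observe the decoded value (here through constructed stand-in decoders; in the paper that observation would come from runtime taint tracking) identifies the encoder by probing and inverts it directly instead of symbolically executing the decoder loop, which is where constraint solvers tend to blow up. The decoders, the probe table and the `want` values are all constructed for this example.

```python
import base64
import binascii

# Constructed stand-ins for the decoding stage of three target programs.
# Each returns the value the program would later compare against a magic.

def target_atoi(data: bytes) -> int:
    """Mimics C atoi: skip leading blanks, optional sign, stop at first non-digit."""
    s = data.decode("latin-1").lstrip()
    sign, i = 1, 0
    if s[:1] in ("+", "-"):
        sign = -1 if s[0] == "-" else 1
        i = 1
    n = 0
    while i < len(s) and s[i].isdigit():
        n = n * 10 + int(s[i])
        i += 1
    return sign * n

def target_hex(data: bytes) -> bytes:
    """Hex decoder that yields an empty buffer on malformed input."""
    try:
        return binascii.unhexlify(data)
    except (binascii.Error, ValueError):
        return b""

def target_b64(data: bytes) -> bytes:
    """Strict base64 decoder that yields an empty buffer on malformed input."""
    try:
        return base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        return b""

# Probe inputs and the decoded value each encoder family is expected to
# produce for them (constructed table; this is the "output feature" we watch).
PROBES = {
    "atoi":   (b"123",  123),
    "hex":    (b"4142", b"AB"),
    "base64": (b"QUI=", b"AB"),
}

# Inverse transform per family: from desired decoded value to raw input.
INVERTERS = {
    "atoi":   lambda v: str(v).encode(),
    "hex":    lambda v: binascii.hexlify(v),
    "base64": lambda v: base64.b64encode(v),
}

def identify_encoder(decode):
    """Run each probe through the observed decoder; the family whose expected
    output appears is the one the program uses. Returns None if no match."""
    for name, (probe, expected) in PROBES.items():
        if decode(probe) == expected:
            return name
    return None

def solve_input(decode, want):
    """Produce a raw input that the decoder maps onto `want`, or None.
    The candidate is re-checked against the decoder so a misidentified
    family (or an uninvertible value) is reported instead of trusted."""
    family = identify_encoder(decode)
    if family is None:
        return None
    candidate = INVERTERS[family](want)
    return candidate if decode(candidate) == want else None

def reaches_compare(decode, magic, raw):
    """The target's final check: does the decoded input equal the magic?"""
    return decode(raw) == magic

if __name__ == "__main__":
    for dec, magic in ((target_atoi, 1337), (target_hex, b"FLAG"), (target_b64, b"FLAG")):
        raw = solve_input(dec, magic)
        print(dec.__name__, raw, reaches_compare(dec, magic, raw))
```

The probe step is what makes this cheap: three executions of the target identify the decoder family, and the inversion is a closed-form computation, whereas a symbolic executor has to carry the decoder's loop and table lookups as path constraints. A real pipeline would also have to recover `want` itself (the operand of the comparison) from the trace, which is the part the abstract attributes to taint analysis.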

Publication history
  • Published: 2019-10-31
