
    A Decrypted-Data Extraction Method Based on Memory Dependence Measurement

    Plaintext Recovery Based on Memory Dependence Measurement

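    • Summary: Data-flow-based program analysis algorithms can effectively identify a program's data processing flow, but for network programs that communicate using data encryption, data flow analysis fails because it cannot accurately identify and extract the decrypted data. To address the problem of extracting decrypted data, an algorithm based on memory dependence is proposed. The work studies, from the perspective of the memory dependence of decrypted data, how to extract the plaintext data in encrypted communication, and presents EncMemCheck, a prototype tool that implements the algorithm. Experiments compare and analyze the algorithm's strengths and weaknesses, and practical tests on the encrypted communication software UnrealIrcd verify the algorithm's accuracy and practicality.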

       

      Abstract: Software analysis has had a devastating effect on software security. In the area of software analysis, data flow analysis can effectively identify data processing and recognize the bounds of data structures, which helps us better understand the behavior of a program. However, for programs that use data encryption for communication, data flow analysis encounters great difficulties because it cannot automatically extract decrypted data, and hence cannot effectively track the data processing that is pivotal for software analysis. In this work we propose memory dependence measurement, a novel approach for finding and extracting decrypted data in commodity software. While previous work focuses on recognizing decryption functions and instructions, our method shifts the focus to identifying the memory address of the decrypted data. We implement our memory dependence technique in a tool called EncMemCheck. Experiments show that EncMemCheck is more accurate on real-world encryption algorithms. Testing it on the community software UnrealIrcd, which uses encryption during communication, shows that our approach is more practical.

       
