基于协议状态图遍历的RTSP协议漏洞挖掘  被引量：8

作　　者：李佳莉 陈永乐[1] 李志 孙利民[2,3,4] LI Jia-li;CHEN Yong-le;LI Zhi;SUN Li-min(College of Computer Science and Technology,Taiyuan University of Technology, Taiyuan 030600,China;Beijing Key Laboratory of IOT Information Security,Beijing 100093,China;Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China;University of Chinese Academy of Sciences,Beijing 100049,China)

机构地区：[1]太原理工大学计算机科学与技术学院,太原030600 [2]物联网信息安全技术北京市重点实验室,北京100093 [3]中国科学院信息工程研究所,北京100093 [4]中国科学院大学,北京100049

出　　处：《计算机科学》2018年第9期171-176,共6页Computer Science

基　　金：国家重点研发计划(2016YFB0800202);国家自然科学基金(61401300);国防基础科研计划-部队纵向(JCKY2016602B001);国家电网公司科学技术项目(52110417001B)资助

摘　　要：目前,视频监控设备中很多摄像头、DVR、NVR都支持RTSP协议,而且由RTSP协议引起的缓冲区溢出漏洞个数较多,危害性大,因此对RTSP协议的研究具有理论意义和应用价值。直接利用模糊测试框架中的方法生成的测试用例数量庞大,测试过程耗时长。针对上述问题,以视频监控设备的RTSP协议为研究对象,提出对协议基本块的样本集进行去重,利用协议状态间的约束关系和状态转移的关联关系构造协议状态图,并基于协议状态图进行深度遍历的方法。该方法减少了测试用例的生成,并提高了生成的有效性。对RTSP协议进行fuzzy测试时,利用发送TCP探测包的方法,判断测试目标是否异常。去除记录的异常测试用例的冗余部分,以缩短后续重放过程的耗时,从而提高漏洞挖掘的效率。Currently,many video surveillance equipments like cameras,DVRs,and NVRs support RTSP protocol,and the number of buffer overflow vulnerabilities caused by the RTSP protocol is large and harmful.Therefore,the research on the RTSP protocol has both application value and theoretical significance.The number of test cases generated by directly using the fuzzy test framework is huge,and the test process takes a long time.Aiming at the above problems,this paper took the RTSP protocol of video surveillance equipment as the research object,and proposed a method which removes duplicate sample set of the protocol basic block,uses the constraint relationship and state transition between protocol states to construct protocol state diagram,and dose deep traversal based on protocol state diagram.This method reduces the generation of test cases and improves the effectiveness of generation.When the RTSP protocol is tested by fuzzing method,the method of sending a TCP probe packet is used to determine whether the test target is abnormal.The redundant part of the recorded abnormal test case is removed,which facilitates subsequent playback and reduces the time,thereby improving the efficiency of vulnerability mining.

关 键 词：视频监控设备 RTSP协议 模糊测试 漏洞挖掘 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]