基于符号执行的堆溢出fastbin攻击检测方法  被引量:2

Detection Method for Heap Overflow fastbin Attack Based on Symbolic Execution

在线阅读下载全文

作  者:张超[1] 潘祖烈 樊靖 ZHAO Chao;PAN Zulie;FAN Jing(College of Electronic Engineering,National University of Defense Technology,Hefei 230037,China;Beihai Fleet,Qingdao,Shandong 266000,China)

机构地区:[1]国防科技大学电子对抗学院,合肥230037 [2]北海舰队,山东青岛266000

出  处:《计算机工程》2020年第10期151-158,共8页Computer Engineering

基  金:国家重点研发计划重点专项“网络空间安全”(2017YFB0802905)。

摘  要:为弥补当前软件漏洞自动检测系统无法对含堆溢出漏洞的程序进行自动检测的缺陷,提出一种Linux平台下面向堆溢出的fastbin攻击的自动检测方法。基于已有的fastbin攻击实例,利用fastbin攻击特征,建立fastbin攻击检测模型,并基于该模型给出一种fastbin攻击检测方法。运用污点分析和符号执行技术,通过监控符号数据到达漏洞触发点的关键信息构建路径约束以及触发fastbin攻击的数据约束,基于对约束的求解,判断程序是否存在fastbin攻击的可能,并生成测试用例。实验结果表明,面向堆溢出的fastbin攻击检测方法能够实现对fastbin攻击的准确检测。The existing automatic detection systems for software vulnerabilities fail to automatically detect the programs with heap overflow vulnerabilities.To address the problem,this paper proposes an automatic detection method for heap overflow fastbin attacks on Linux platforms.Based on the fastbin attack examples,the characteristics of fastbin attacks are used to establish a detection model for fastbin attacks,and on this basis a detection method of fastbin attacks is proposed.The method uses the technique of stain analysis and symbolic execution to monitor the key information of symbol data reaching the vulnerability trigger point,and on this basis constructs path constraints and data constraints that trigger fastbin attacks.Based on the solution of constraints,the possibility of fastbin attacks in the program can be judged and test cases can be generated.Experimental results show that the proposed heap overflow fastbin attack detection method can effectively detect fastbin attacks.

关 键 词:堆溢出 fastbin攻击 符号执行 污点分析 约束构建 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象