A Survey of Dynamic Taint Analysis Techniques Based on Binary Programs  (cited by: 1)

Review on dynamic taint analysis technology of binary program analysis


Authors: 黄冬秋 (HUANG Dong-qiu); 韩毅 (HAN Yi); 杨佳庚 (YANG Jia-geng); 田志宏 (TIAN Zhi-hong) (Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China; Cyberspace Security Research Center, Pengcheng Laboratory, Shenzhen 518055, China)

Affiliations: [1] Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, Guangdong, China; [2] Cyberspace Security Research Center, Pengcheng Laboratory, Shenzhen 518055, Guangdong, China

Source: Journal of Guangzhou University (Natural Science Edition), 2020, No. 2, pp. 57-68 (12 pages)

Funding: National Natural Science Foundation of China (U1636215, 61572492); Guangdong Provincial Key R&D Program (2019B010137004, 2019B010136001); Guangdong Provincial Key Science and Technology Program (LZC0023).

Abstract: As programs become larger and harder to handle, attack techniques become more complex and the cyberspace security situation grows increasingly severe; implementing effective automatic vulnerability detection and related patching techniques to defend against zero-day attacks therefore becomes ever more important. Dynamic taint analysis treats input data from untrusted sources as tainted, then monitors program execution to track the propagation of the tainted data and checks when tainted data are used. The technique is widely applied in security fields such as program analysis, fuzz testing, vulnerability detection, information leakage detection, reverse engineering and malware analysis. This article surveys the research status and application areas of the currently popular dynamic taint analysis frameworks. First, it introduces in detail the supporting technologies of dynamic taint analysis, namely dynamic binary instrumentation, virtualization, virtual machine introspection and semantic-gap bridging, covering their basic principles, related definitions, open problems and challenges. It then briefly introduces the technical principle of dynamic taint analysis. Next, it investigates and analyzes the more popular dynamic taint analysis frameworks and, according to development stage and application direction, divides dynamic taint analysis into process-level and whole-system-level dynamic taint analysis, each described in detail. Finally, it briefly analyzes the shortcomings and deficiencies of the two classes of dynamic taint analysis and looks ahead to the research prospects and development trends of the technique.
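The abstract names the three parts of dynamic taint analysis: marking untrusted input as tainted, propagating the taint as data moves through registers and memory, and checking the taint at a security-relevant use. The following is an added example, not code from the surveyed paper or from any framework it covers; it implements that loop over a constructed toy instruction set (read/mov/movi/add/store/load/jmp) with a constructed trace and input byte, and treats an indirect jump whose target register carries taint as the sink to report.

```python
"""Toy dynamic taint tracker over a constructed instruction trace.

Shadow state mirrors the machine state: each register and each memory
cell carries a set of source labels (here, the offset of the untrusted
input byte it derives from). The instruction set, the trace and the
input values are constructed for illustration only.
"""
from dataclasses import dataclass, field


@dataclass
class TaintVM:
    regs: dict = field(default_factory=dict)       # register -> int value
    mem: dict = field(default_factory=dict)        # address -> int value
    reg_taint: dict = field(default_factory=dict)  # register -> frozenset of labels
    mem_taint: dict = field(default_factory=dict)  # address -> frozenset of labels
    alerts: list = field(default_factory=list)     # (pc, sink, register, labels)

    def _t(self, reg):
        """Taint labels currently attached to a register (empty if clean)."""
        return self.reg_taint.get(reg, frozenset())

    def step(self, pc, insn):
        op, *args = insn
        if op == "read":
            # Taint source: dst receives one byte of untrusted input.
            dst, value, label = args
            self.regs[dst] = value
            self.reg_taint[dst] = frozenset({label})
        elif op == "mov":
            # Data movement copies the taint set unchanged.
            dst, src = args
            self.regs[dst] = self.regs[src]
            self.reg_taint[dst] = self._t(src)
        elif op == "movi":
            # Loading a constant overwrites the register, so it becomes clean.
            dst, imm = args
            self.regs[dst] = imm
            self.reg_taint[dst] = frozenset()
        elif op == "add":
            # Arithmetic: result depends on both operands, union their taints.
            dst, a, b = args
            self.regs[dst] = (self.regs[a] + self.regs[b]) & 0xFFFFFFFF
            self.reg_taint[dst] = self._t(a) | self._t(b)
        elif op == "store":
            # mem[regs[addr_reg]] = regs[src]; the taint of the value follows it.
            addr_reg, src = args
            addr = self.regs[addr_reg]
            self.mem[addr] = self.regs[src]
            self.mem_taint[addr] = self._t(src)
        elif op == "load":
            # dst = mem[regs[addr_reg]]; taint flows back out of memory.
            dst, addr_reg = args
            addr = self.regs[addr_reg]
            self.regs[dst] = self.mem.get(addr, 0)
            self.reg_taint[dst] = self.mem_taint.get(addr, frozenset())
        elif op == "jmp":
            # Taint sink: an indirect jump whose target is attacker-derived
            # is the classic control-flow hijack signal a detector reports.
            (target,) = args
            if self._t(target):
                self.alerts.append((pc, "jmp", target, sorted(self._t(target))))
        else:
            raise ValueError(f"unknown op {op!r}")


def run(trace):
    """Execute a trace from a fresh machine and return the final VM state."""
    vm = TaintVM()
    for pc, insn in enumerate(trace):
        vm.step(pc, insn)
    return vm


# Constructed trace: one untrusted byte is written to memory, read back,
# adjusted by a constant and finally used as a jump target.
TRACE = [
    ("read", "r0", 0x41, "input[0]"),  # untrusted input byte (constructed)
    ("movi", "r1", 0x1000),            # buffer address, clean
    ("store", "r1", "r0"),             # tainted byte lands in memory
    ("movi", "r2", 0x10),              # clean constant
    ("load", "r3", "r1"),              # taint flows through memory
    ("add", "r4", "r3", "r2"),         # arithmetic keeps the taint
    ("movi", "r5", 0x2000),            # clean jump target
    ("jmp", "r5"),                     # no alert
    ("jmp", "r4"),                     # alert: target derived from input[0]
]

if __name__ == "__main__":
    for alert in run(TRACE).alerts:
        print("pc=%d sink=%s reg=%s labels=%s" % alert)
```

Labels are kept as sets of input offsets rather than a single bit so that an alert names which input bytes reach the sink; that is the information a fuzzer or crash triage tool consumes. The example also shows the two places where real trackers diverge in precision: constants clear taint here, and arithmetic takes the union of operand taints, which is sound but over-approximates (an `xor r, r` would keep the taint under this rule).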

Keywords: dynamic binary instrumentation; dynamic taint analysis; process-level dynamic taint analysis; whole-system-level dynamic taint analysis

Classification: TP309.1 [Automation and Computer Technology: Computer System Architecture]

 
