可控内存写漏洞自动利用生成方法  被引量:1

Automatic exploitation generation method of write-what-where vulnerability

在线阅读下载全文

作  者:黄桦烽 苏璞睿[1,2] 杨轶 贾相堃[1,2] HUANG Huafeng;SU Purui;YANG Yi;JIA Xiangkun(Trusted Computing and Information Assurance Laboratory,Institute of Software Chinese Academy of Sciences,Beijing 100190,China;School of Computer Science and Technology,University of Chinese Academy of Sciences,Beijing 100190,China)

机构地区:[1]中国科学院软件研究所可信计算与信息保障实验室,北京100190 [2]中国科学院大学计算机科学与技术学院,北京100190

出  处:《通信学报》2022年第1期83-95,共13页Journal on Communications

基  金:国家自然科学基金资助项目(No.U1736209,No.61572483,No.U1836117,No.U1836113,No.62102406);中国科学院战略性先导科技专项基金资助项目(No.XDC02020300)。

摘  要:针对现有漏洞自动利用生成方法无法实现从“可控内存写”到“控制流劫持”的自动构造问题,提出一种可控内存写漏洞的自动利用生成方法。首先,基于内存地址控制力度的动态污点分析方法检测可控内存写漏洞;然后,基于漏洞利用模式进行利用要素搜索,通过约束求解自动构造可控内存写漏洞的利用。实验结果表明,所提方法可以有效检测可控内存写漏洞,搜索漏洞利用要素,自动生成从可控内存写到控制流劫持的利用。To solve the problem that the current vulnerability automatic exploitation generation methods cannot automatically generate control-flow-hijacking exploitation from write-what-where,a method of automatic exploitation generation for write-what-where was proposed.First,the write-what-where vulnerability was detected based on the memory address control strength dynamic taint analysis method.Then,the vulnerability exploitation elements were searched based on the vulnerability exploitation modes,and the exploitation of write-what-where vulnerability was generated automatically by constraint solving.The experimental results show that the proposed method can effectively detect write-what-where vulnerability,search exploitation elements,and automatically generate the control-flow-hijacking exploitation from write-what-where.

关 键 词:可控内存写 控制流劫持 动态污点分析 漏洞利用要素 自动利用生成 

分 类 号:TP311[自动化与计算机技术—计算机软件与理论]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象