软件漏洞自动化利用综述  

作　　者：武泽慧 魏强[1] 王新蕾 王允超[1] 燕宸毓 陈静[2] Wu Zehui;Wei Qiang;Wang Xinlei;Wang Yunchao;Yan Chenyu;Chen Jing(State Key Laboratory of Mathematical Engineering and Advanced Computing(Strategic Support Force Information Engineering University),Zhengzhou 450001;School of Cyber Science and Engineering,Zhengzhou University,Zhengzhou 450001)

机构地区：[1]数学工程与先进计算国家重点实验室(战略支援部队信息工程大学),郑州450001 [2]郑州大学网络空间安全学院,郑州450001

出　　处：《计算机研究与发展》2024年第9期2261-2274,共14页Journal of Computer Research and Development

基　　金：国家重点研发计划项目(2019QY0501)。

摘　　要：近年来软件漏洞数目急剧增加,漏洞危害也引起业界广泛关注.准确、高效、快速地编写出漏洞利用代码是漏洞危害性评估和漏洞修复的关键.当前漏洞利用代码主要依赖人工手动分析编写,效率较低.因此,如何实现自动化的漏洞利用代码生成是该领域研究的热点和难点.综述分析了该领域近30年的代表性成果,首先将漏洞自动化利用过程分为典型的4个环节:漏洞根源定位、可达路径搜索、漏洞原语生成、利用代码生成.然后从人机边界、攻防博弈、共性技术3个角度对上述成果进行梳理,明确当前研究的重点、难点,以及取得的阶段性成果.最后从现有成果与技术实用化所面临的差距方面,论述当前研究存在的瓶颈问题、未来的发展趋势,以及下一步的研究重点.In recent years,the number of software vulnerabilities has increased sharply and its harmfulness has aroused widespread concern in society.Compiling vulnerability utilization code accurately,efficiently and quickly is the key to vulnerability damage assessment and vulnerability repairment.At present,the vulnerability exploitation code mainly relies on manual analysis and writing,which is inefficient.Therefore,how to realize automatic vulnerability exploitation code generation(AEG)is a hotspot and difficulty in software security research field.In this paper,we analyze the representative achievements in this field in recent 30 years.Firstly,we divide the vulnerability automatic utilization process into four typical segments:vulnerability root location,reachable path search,vulnerability primitive generation and utilization code generation.After that we sort out and select the typical work of the above achievements from the three perspectives of human-machine boundary,attack and defense game,and common basic technology.And on this basis,we define the key points,difficulties and phased achievements of the current research.Finally,from the gap between the existing achievements and the practical application of automatic exploit generation,we discuss the bottleneck problems existing in the current research,the future development trend of AEG,and the next research points we should focus on.

关 键 词：软件安全 漏洞分析 自动化利用 利用生成 漏洞根源 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]