Project title: Research on Vulnerability Localization and Diagnosis Methods Based on Cooperative Data-Structure Reverse Inference
Project number: No.61303213
Project type: Young Scientists Fund (青年科学基金项目)
Year approved: 2014
Discipline: Automation technology; computer technology
Principal investigator: 赵磊 (Zhao Lei)
Affiliation: 武汉大学 (Wuhan University)
Funding: CNY 230,000 (23万元)
Abstract (Chinese, translated): Software vulnerabilities are the source of many security incidents. Vulnerability localization and diagnosis is a difficult problem in vulnerability discovery, and modeling and detecting the anomalies caused by exploits is the key challenge in solving it. Because current exploit signatures are not low-level enough and are ill-suited to countering diversified and increasingly complex attacks, this project steps outside the "attack-signature-centred" way of modeling exploit characteristics and, from the perspective of programming-language semantics, studies data-structure-based exploit characteristics and anomaly detection models, explains the lower-level mechanism of exploits, and explores new ways to improve the accuracy of anomaly detection. To address the lack of symbols and types in binary programs and the imprecision of data-structure reverse inference, it reveals the rule of "cooperative mapping between the structure of program input and the data structures of the code" and studies a bidirectional cooperative data-structure reverse inference algorithm. To address the stealthiness of the multiple attack steps in complex exploits, it studies a differential vulnerability localization method based on data-structure anomaly detection and a vulnerability diagnosis method based on context backtracking, and finally validates them with case studies. The project aims to achieve breakthroughs in exploit characteristics and anomaly detection models; its results have great application value in automated vulnerability discovery and important scientific significance for security testing and software protection.
Keywords (Chinese, translated): Software security; Vulnerability analysis; Taint analysis; Reverse engineering
Abstract (English): Many security incidents are caused by software vulnerabilities, and exploits are the main approach to compromising information systems. Vulnerability localization and diagnosis aim to locate the root causes of vulnerabilities, identify the context that triggers them, and confirm whether they could be exploited or not; these tasks should be automated and as efficient as possible. Modeling the characteristics of exploits and the abnormal program behaviors caused by vulnerabilities are the key challenges. At present, most attack detection techniques are based on the characteristics of attack manifestations, such as overwriting return addresses or overwriting function pointers. However, such detection techniques can only detect the attack manifestations, not the attacks themselves. This research investigates algorithms and techniques to model the abnormal behaviors of exploits and diagnose the vulnerabilities. First, we aim to construct the exploit characteristic model from the viewpoint of programming-language semantics, by capturing the mechanism that exploits generally violate programming-language semantics. Second, vulnerability analysis on binaries is limited by the missing data structures and types. For this research issue, we demonstrate that the format of program input has
Keywords (English): Software security; Vulnerability analysis; Dynamic tainting; Reverse engineering