Dynamic Taint Analysis Based on Binary Code

Taint analysis is an important dynamic analysis technique in the security field. Traditional binary-code-level taint analysis has two main problems: a) the instruction-level taint propagation rules are inaccurate; b) it cannot enter kernel functions, which makes the analysis inaccurate, while instrumenting the large number of instructions inside functions hurts system efficiency. Two methods are proposed to solve these problems. First, accurate instruction-level propagation rules are formulated according to taint propagation semantics; second, taint handling rules for function call and return are designed, and function summaries are used to propagate taint quickly. A prototype system, TaintIce, is implemented with a dynamic instrumentation tool and tested against real vulnerability attacks. Experimental results show that TaintIce detects attacks that traditional taint analysis cannot, and that performance is improved. The proposed techniques therefore effectively improve both the detection effectiveness and the performance of taint analysis.


Bibliographic Details
Published in: 计算机应用研究 (Application Research of Computers), Vol. 31, no. 8, pp. 2497-2501
Main Authors: 代伟 (DAI Wei), 刘智 (LIU Zhi), 刘益和 (LIU Yihe)
Format: Journal article
Language: Chinese
Affiliations: School of Computer Science, Neijiang Normal University, Neijiang, Sichuan 641112; School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731
Published: 2014
ISSN: 1001-3695
DOI: 10.3969/j.issn.1001-3695.2014.08.063

Bibliography: CN 51-1196/TP
Abstract: Taint analysis is an important dynamic technique in security. Traditional taint analysis on binary code has two major drawbacks: a) instruction-level propagation rules are inaccurate; b) being unable to enter kernel functions leads to analysis inaccuracy, and system efficiency is undermined by heavy instrumentation. This paper proposes two techniques to overcome these drawbacks. First, it defines accurate taint propagation rules according to propagation semantics. Second, it designs propagation rules for function entry and exit and uses function summaries to propagate taint marks quickly. It implements a prototype system, TaintIce, using a dynamic instrumentation tool, and evaluates it against real vulnerability attacks. Experimental results show that TaintIce can detect attacks that traditional taint analysis cannot, while system performance is improved. Therefore, the proposed techniques effectively improve detection effectiveness and reduce system overhead.
Keywords: taint analysis; x86 instruction; function summary; call stack
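The two ideas in the abstract, semantics-accurate instruction rules and function summaries that skip the callee's body, in a toy form. This is an added example written for this record, not TaintIce code or any code from the authors; it assumes a byte-granular shadow memory, a simplified operand encoding (register name, immediate, or `("mem", addr)`), SysV x86-64 argument registers for the summaries, and a hand-written `memcpy` summary. The constructed traces show a `memcpy` summary carrying taint over a stack buffer into the saved return address, which the `ret` rule reports, and `xor rcx, rcx` clearing taint so that the following indirect jump is correctly not flagged (a plain union rule would raise a false alarm there).

```python
"""Toy taint engine over a few x86-style operations. Added illustration, not
TaintIce code: instruction-level rules that follow each instruction's semantics,
plus function summaries that propagate taint across a call without tracing the
callee. Operand forms: "reg" (register), int (immediate), ("mem", addr) (byte)."""

ARG_REGS = ("rdi", "rsi", "rdx")  # SysV x86-64 argument registers (assumption)
PTR = 8                           # pointer size in bytes


class TaintEngine:
    def __init__(self, rsp=0x7000):
        self.reg_taint = {}          # register -> tainted?
        self.reg_val = {"rsp": rsp}  # concrete values, kept only for pointers/sizes
        self.mem_taint = {}          # byte address -> tainted?
        self.call_stack = []         # (callee, address of its saved return slot)
        self.alerts = []

    def taint_of(self, op):
        if isinstance(op, str):
            return self.reg_taint.get(op, False)
        if isinstance(op, tuple):
            return self.mem_taint.get(op[1], False)
        return False                 # immediates are never tainted

    def set_taint(self, op, t):
        if isinstance(op, str):
            self.reg_taint[op] = t
        else:
            self.mem_taint[op[1]] = t

    def val_of(self, op):
        return op if isinstance(op, int) else self.reg_val.get(op, 0)

    def taint_source(self, addr, n):  # e.g. the buffer filled by read()
        self.mem_taint.update({addr + i: True for i in range(n)})

    def step(self, ins):
        op, *args = ins
        if op == "mov":
            dst, src = args
            self.set_taint(dst, self.taint_of(src))
            if isinstance(dst, str) and not isinstance(src, tuple):
                self.reg_val[dst] = self.val_of(src)
        elif op in ("add", "or", "and", "xor", "sub"):
            dst, src = args
            # `xor r, r` / `sub r, r` always yield 0: the result depends on no
            # input, so its taint is cleared. A plain union rule would keep it.
            if op in ("xor", "sub") and dst == src:
                self.set_taint(dst, False)
            else:
                self.set_taint(dst, self.taint_of(dst) or self.taint_of(src))
        elif op == "jmp":
            if self.taint_of(args[0]):
                self.alerts.append(f"tainted jump target in {args[0]}")
        elif op == "call":
            target = args[0]
            if target in SUMMARIES:      # whole-function rule; callee not traced
                SUMMARIES[target](self)
                return
            self.reg_val["rsp"] -= PTR   # push a clean return address
            slot = self.reg_val["rsp"]
            self.mem_taint.update({slot + i: False for i in range(PTR)})
            self.call_stack.append((target, slot))
        elif op == "ret":
            callee, slot = self.call_stack.pop()
            if any(self.mem_taint.get(slot + i, False) for i in range(PTR)):
                self.alerts.append(f"return address of {callee} overwritten by tainted data")
            self.reg_val["rsp"] += PTR
        else:
            raise ValueError(f"unsupported op {op}")

    def run(self, program):
        for ins in program:
            self.step(ins)
        return self.alerts


def summary_memcpy(eng):  # memcpy(rdi=dst, rsi=src, rdx=n): copy taint byte by byte
    dst, src, n = (eng.val_of(r) for r in ARG_REGS)
    eng.mem_taint.update({dst + i: eng.mem_taint.get(src + i, False) for i in range(n)})
    eng.reg_taint["rax"] = eng.taint_of("rdi")  # memcpy returns dst


SUMMARIES = {"memcpy": summary_memcpy}  # hypothetical summary table


def overflow_demo():
    """Constructed trace: 16 tainted bytes memcpy'd into an 8-byte stack buffer."""
    e = TaintEngine(rsp=0x7000)
    e.taint_source(0x1000, 16)       # untrusted input at 0x1000..0x100f
    return e.run([
        ("call", "handler"),         # saved return address at 0x6ff8..0x6fff
        ("mov", "rdi", 0x6ff0),      # buf[8] sits directly below that slot
        ("mov", "rsi", 0x1000), ("mov", "rdx", 16),
        ("call", "memcpy"),          # summary taints 0x6ff0..0x6fff in one step
        ("ret",),
    ])


def zeroing_demo():
    """Constructed trace: `xor rcx, rcx` clears taint, so the jump is clean."""
    e = TaintEngine()
    e.taint_source(0x1000, 1)
    return e.run([("mov", "rcx", ("mem", 0x1000)), ("xor", "rcx", "rcx"), ("jmp", "rcx")])
```

`overflow_demo()` returns one alert naming `handler`, because the summary moved taint from the input buffer over the saved return slot without the engine ever stepping through `memcpy`'s own instructions; `zeroing_demo()` returns no alert. Real engines work on decoded instructions with byte-precise operand sizes and need summaries for every uninstrumented library or kernel entry point, which is where the abstract's call/return rules and call-stack tracking come in.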