
A Dynamic Multi-Path Analysis Method Based on a Lazy Strategy (cited by: 9)

Exploring Multiple Execution Paths Based on Dynamic Lazy Analysis
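Abstract: Multi-path analysis is one of the important methods for compensating for the shortcomings of traditional dynamic analysis and for analyzing executable programs comprehensively. Existing multi-path methods mainly trigger paths by constructing inputs either randomly or according to path conditions; both approaches suffer from incomplete path analysis and a lack of focus. By analyzing path conditions, this paper identifies the basic constituent elements of a checked condition, introduces the concepts and computation rules of weak control dependence and the path reference set, and on that basis proposes a multi-path analysis method built on a lazy strategy. During program analysis, for a specific program check point and check-point condition, paths are filtered in a targeted way and path expressions are simplified semantically; while guaranteeing that the check point remains reachable and that the checked expression keeps the same construction form, the checked expression is simplified and the number of paths to analyze is reduced. Experiments on 7 malware samples show that the method improves analysis efficiency and accuracy.

English abstract: Exploring multiple execution paths is an important method to analyze executable files. Most researchers use randomly generated input or construct input by path conditions to explore program paths. These methods suffer from two flaws: they cannot analyze all the paths while there are too many useless paths to analyze. This paper introduces weak control dependence and path reference set to analyze path conditions. It also ensures three basic kinds of elements in checked conditions. Lazy analysis is proposed based on these definitions and theories to explore multiple execution paths. When analyzing a program, it can choose suitable branch conditions to explore paths according to a program check point. In this way, the number of path conditions can be decreased without missing any necessary conditions that guarantee the program to run to the check point and the checked condition to have the same structures. A prototype is implemented to make some experiments on seven malware samples. Taint analysis is used to trace the input from outer space such as tainted files in the overall analysis process. Shadow memory is also exploited to increase the managing speed. The results show that the method decreases the number of path conditions and increases the efficiency when exploring multiple paths.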
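Source: Chinese Journal of Computers (《计算机学报》; indexed in EI, CSCD and the Peking University Core Journals list), 2010, No. 3, pp. 493-503 (11 pages)
Funding: Supported by the National Natural Science Foundation of China (60703076, 60970028) and the National High Technology Research and Development Program of China ("863" Program) (2006AA01Z412, 2007AA01Z451, 2007AA01Z475, 2007AA01Z465, 2007AA01A414)
Keywords: multiple execution paths analysis; executable files; vulnerability detection; dynamic analysis; lazy analysis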