摘要
随着技术的进步,Windows操作系统日益完善,多种内存保护技术的结合使得传统的基于缓冲区溢出攻击越来越困难,在这种情况下,内核漏洞往往可以作为突破安全防线的切入点。该论文首先分析了现有Windows内核漏洞挖掘方法,阐述了Windows内核下进行Fuzzing测试的原理和步骤,针对Windows win32k.sys对窗口消息的处理、第三方驱动程序对IoControlCode的处理、安全软件对SSDT、ShadowSSDT函数的处理,确定数据输入路径,挖掘出多个内核漏洞,验证了该方法的有效性。
With advances in technology, Windows operating system has improved steadily. Combining many memory protection technologies made the traditional buffer-overflow-based attacks to be more useless. In this case, the kernel vulnerability can be used to break through the security line of defense as a starting point. This paper researches the existing mining Windows kernel vulnerability, then proposes a methods on how to find Windows kernel vulnerability based on Fuzzing, summarizes the existing Fuzzing technology, selects three kernel Fuzzing goal which are Windows win32k.sys processing of window messages, third-party driver for IoControlCode processing, security software on the SSDT, ShadowSSDT function of processing, after the analysis of the three principles, Fuzzing data are designed and data input path are identified. Finally, using this method found in case of Windows operating system unknown vulnerabilities verify the validity of the method.
出处
《信息网络安全》
2011年第12期9-16,共8页
Netinfo Security
基金
国家自然科学基金资助项目[61170282]
关键词
安全漏洞
漏洞挖掘
漏洞补丁
security vulnerabilities
digging vulnerabilities
vulnerability patches