
Vulnerability Detection in ActiveX Controls Based on Fuzzing Technology
(Chinese title: 基于Fuzzing的ActiveX控件漏洞挖掘技术研究; cited by: 10)
Abstract: Vulnerabilities in ActiveX controls are numerous and tend to be highly severe. They are frequently exploited in web-based attacks to compromise client computers, which motivates research into techniques for discovering such flaws automatically so that they can be found and fixed. Building on an analysis of the characteristics of ActiveX controls, the authors design and implement an ActiveX vulnerability detection tool named ActiveX-Fuzzer. It is a black-box fuzzing tool that automatically feeds the interfaces exposed by an ActiveX control with crafted semi-valid data, attempting to trigger buffer overflows, integer overflows and format string flaws. The tool was run against a broad range of commonly used ActiveX controls and found a number of previously undisclosed high-severity vulnerabilities, affecting Tencent QQ, WinZip, Microsoft Office and other widely used Chinese and international software, as well as controls used by the online services of several major banks. These results demonstrate the effectiveness and novelty of ActiveX-Fuzzer.
Source: Journal of Computer Research and Development (计算机研究与发展), 2012, Issue 7, pp. 1525-1532 (8 pages). Indexed in EI and CSCD; Peking University Chinese core journal.
Funding: National Natural Science Foundation of China (projects 60773135, 90718007, 60970140)
Keywords: software vulnerability; vulnerability detection; security testing; fuzzing technology; ActiveX controls
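The abstract describes ActiveX-Fuzzer only at the level of its strategy: enumerate the methods a control exposes, keep every argument well-typed so the call gets past IDispatch::Invoke's type coercion, and vary one argument at a time with data aimed at buffer overflows, integer overflows and format string bugs. The following Python script is an added example written for this page; it is not the authors' ActiveX-Fuzzer and not code from the paper. It implements that one-parameter-at-a-time, type-aware strategy against a constructed target: the control, its method table (SIGNATURES), the benign defaults and the crash model (SimulatedCrash) are all assumptions made so the script runs offline.

```python
"""Type-aware black-box fuzzing of ActiveX (IDispatch) method parameters.

Added example for this page; the target control and its crash model are
constructed, not taken from the paper or from any real ActiveX control.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple, Type

# Hostile values keyed by the VARIANT type a method expects. Keeping the type
# right is what makes the data "semi-valid": IDispatch::Invoke coerces or
# rejects mistyped arguments, so only well-typed hostile values reach the
# control's native implementation.
OVERFLOW_LENGTHS = [255, 256, 257, 1023, 1024, 1025, 4096, 65535, 65536]
FORMAT_STRINGS = ["%s" * 8, "%x" * 16, "%n" * 4, "%p%p%p%p", "%.4096d"]
I4_EDGE = [0, 1, -1, 0x7FFFFFFF, -0x80000000, 0x10000, 0x10001]
UI4_EDGE = [0, 1, 0xFFFFFFFF, 0x80000000, 0x7FFFFFFF, 0x10000001]
BENIGN = {"BSTR": "test", "I4": 1, "UI4": 16}   # values for non-mutated args


def hostile_values(vt: str) -> List[object]:
    """Return the test values for one parameter of VARIANT type vt."""
    if vt == "BSTR":
        return ["A" * n for n in OVERFLOW_LENGTHS] + FORMAT_STRINGS
    if vt == "I4":
        return list(I4_EDGE)
    if vt == "UI4":
        return list(UI4_EDGE)
    raise ValueError(f"unsupported VARIANT type {vt}")


class SimulatedCrash(Exception):
    """Stands in for the access violation a debugger would report."""


class ConstructedControl:
    """Constructed target (not a real control) with three classic bug patterns."""
    STACK_BUF = 256

    def SetCaption(self, text: str) -> bool:
        # strcpy-style copy into a 256-byte stack buffer with no length check
        if len(text) > self.STACK_BUF:
            raise SimulatedCrash("stack buffer overflow in SetCaption")
        return True

    def Allocate(self, count: int, elem_size: int) -> int:
        # 32-bit size arithmetic wraps, then the copy loop writes count*elem_size bytes
        total = (count * elem_size) & 0xFFFFFFFF
        if count * elem_size > total:
            raise SimulatedCrash("heap overflow after integer wrap in Allocate")
        return total

    def LogMessage(self, msg: str) -> bool:
        # printf(msg) instead of printf("%s", msg): %s dereferences stack
        # words and %n writes through them; %x only leaks and does not crash
        if "%n" in msg or "%s" in msg:
            raise SimulatedCrash("format string fault in LogMessage")
        return True


# Parameter types as a real fuzzer reads them from the control's type library
# (ITypeInfo::GetFuncDesc); hard-coded here for the constructed control.
SIGNATURES: Dict[str, List[str]] = {
    "SetCaption": ["BSTR"],
    "Allocate": ["UI4", "UI4"],
    "LogMessage": ["BSTR"],
}


@dataclass
class Finding:
    method: str
    param_index: int
    value: str      # compact description of the argument that crashed the call
    detail: str


def summarize(value: object) -> str:
    if isinstance(value, str):
        return f"str(len={len(value)})" if len(value) > 32 else repr(value)
    return hex(value)


def fuzz_control(control: object, signatures: Dict[str, List[str]],
                 crash_types: Tuple[Type[BaseException], ...] = (SimulatedCrash,)
                 ) -> List[Finding]:
    """One-parameter-at-a-time mutation over every method in signatures."""
    findings: List[Finding] = []
    for method, param_types in signatures.items():
        func = getattr(control, method)
        for idx, vt in enumerate(param_types):
            for bad in hostile_values(vt):
                args = [BENIGN[t] for t in param_types]   # all arguments valid ...
                args[idx] = bad                           # ... except one
                try:
                    func(*args)
                except crash_types as exc:
                    findings.append(Finding(method, idx, summarize(bad), str(exc)))
                except Exception:
                    continue   # handled error or rejected input: not a crash
    return findings


def run_constructed() -> List[Finding]:
    return fuzz_control(ConstructedControl(), SIGNATURES)


if __name__ == "__main__":
    for f in run_constructed():
        print(f"{f.method} arg{f.param_index} = {f.value}: {f.detail}")
```

Against a real control on Windows, the method table would come from the control's type library, the target would be a live object (for instance one obtained through pywin32's win32com.client.Dispatch(progid); this is an assumption about tooling, the paper does not say how ActiveX-Fuzzer hosts the control), and each call would have to run in a separate process under a debugger, because a genuine overflow terminates the host instead of raising an exception. The constructed target also shows the blind spot of pure black-box fuzzing: a 256-byte string that fits the buffer exactly and a format string that only leaks memory (%x) produce no crash and therefore no finding.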
References (15 in the record; the first 10 are listed)

  • 1 Wikipedia. ActiveX. Wikipedia, the Free Encyclopedia [EB/OL]. http://en.wikipedia.org/wiki/ActiveX, 2010.
  • 2 Microsoft Corporation. Microsoft Component Object Model (COM): A Technical Overview of COM [EB/OL]. http://www.cs.umd.edu/~pugh/com/, 2010.
  • 3 Egele M, Wurzinger P, Kruegel C. Defending browsers against drive-by downloads: Mitigating heap-spraying code injection attacks [A]. Berlin: Springer-Verlag, 2009: 88-106.
  • 4 Microsoft Corporation. Microsoft Security Intelligence Report Volume 8 [EB/OL]. http://www.microsoft.com/downloads/details.aspx?familyid=2C4938A0-4D64-4C65-B951-754F4D1AF0B5&displaylang=en, 2010.
  • 5 National Institute of Standards and Technology. National Vulnerability Database Home [EB/OL]. http://nvd.nist.gov/, 2010.
  • 6 Hird S. axfuzz: An ActiveX/COM Enumerator and Fuzzer [EB/OL]. http://sourceforge.net/projects/axfuzz/, 2010.
  • 7 iDefense Labs. COMRaider: A tool designed to fuzz COM object interfaces [EB/OL]. http://labs.idefense.com/software/fuzzing.php#more_comraider, 2010.
  • 8 Moore H. AxMan ActiveX Fuzzer [EB/OL]. http://digitaloffense.net/tools/axman/, 2010.
  • 9 CERT Coordination Center. Dranzer [EB/OL]. http://www.cert.org/vuls/discovery/dranzer.html, 2010.
  • 10 Dormann W, Plakosh D. Vulnerability Detection in ActiveX Controls Through Automated Fuzz Testing [EB/OL]. http://www.cert.org/archive/pdf/dranzer.pdf, 2010.
