
Research on Cross-host Dynamic Taint Tracking Technology
Abstract: Dynamic taint tracking systems cannot follow taint across hosts. To solve this problem, a taint tracking method based on Application Programming Interface (API) Hook is proposed, built on the Temu system. Hook plug-ins intercept the network I/O functions, embedding Hook services into the API function calls. The sender-side Hook plug-in encapsulates the taint data together with its taint information; the receiver-side Hook plug-in parses the data packets and marks the taint data as tainted according to that taint information, which realizes cross-host dynamic taint tracking. Experimental results indicate that the prototype system based on this method can implement cross-host taint propagation, supporting the application of dynamic taint tracking in distributed environments.
Source: Computer Engineering (《计算机工程》), CAS, CSCD, 2013, Issue 3, pp. 162-166 (5 pages)
Funding: Natural Science Foundation of Jiangsu Province (BK2011115)
Keywords: dynamic taint tracking; Temu system; data flow; dynamic binary analysis; Application Programming Interface (API) Hook

