Collaborative Reversing of Input Formats and Program Data Structures for Security Applications (Cited by: 1)
Abstract: Reversing the syntactic format of program inputs and data structures in binaries plays a vital role in understanding program behaviors in many security applications. In this paper, we propose a collaborative reversing technique by capturing the mapping relationship between input fields and program data structures. The key insight behind our paper is that a program uses corresponding data structures as references to parse and access different input fields, and every field could be identified by reversing its corresponding data structure. In detail, we use a fine-grained dynamic taint analysis to monitor the propagation of inputs. By identifying base pointers for each input byte, we could reverse data structures and conversely identify fields based on their referencing data structures. We construct several experiments to evaluate the effectiveness. Experimental results show that our approach could effectively reverse precise input formats, and provide unique benefits to two representative security applications, exploit diagnosis and malware analysis.
Author: ZHAO Lei
Source: China Communications (SCIE, CSCD), 2014, Issue 9, pp. 135-147 (13 pages in total). China Communications (English edition)
Funding: the National Natural Science Foundation of China; the foundation of State Key Lab. for Novel Software Technology in Nanjing University; the foundation of Key Laboratory of Information Assurance Technology
Keywords: software security; reversing engineering; fine-grained dynamic tainting; input format; data structure; application program; security application; reversing; collaboration; reversing technique; binary file