
Android Software Vulnerabilities Mining System Based on gdb (cited by: 2)
Abstract: Traditional vulnerability mining techniques generally apply to the x86 platform and target the PC. With the spread of Android phones, vulnerability mining techniques for the software running on them are needed. To address problems such as the lax review in the current Android software market and the relatively small amount of research in this area, a gdb-based Android software vulnerability mining system is designed and implemented. The system uses taint analysis based on information-flow tracking, designed around three aspects (taint marking, taint propagation and taint detection), and improves analysis coverage through simulated instruction execution. When the system finds a suspected vulnerability, it notifies the user of the result and can analyse the vulnerability comprehensively. Tests on Android software found buffer overflow vulnerabilities in some of the software, which confirms the effectiveness of the system.
Source: Computer Technology and Development (《计算机技术与发展》), 2015, No. 8, pp. 156-160 (5 pages)
Funding: National Science and Technology Major Project (2012ZX03006-003)
Keywords: Android software; vulnerabilities mining; taint analysis; gdb

