SwordDTA: A Dynamic Taint Analysis Tool for Software Vulnerability Detection (cited by: 4)

Abstract: Software vulnerabilities are the root cause of various information security incidents, while dynamic taint analysis is an emerging program analysis technique. In this paper, to maximize the use of this technique for detecting software vulnerabilities, we present SwordDTA, a tool that performs dynamic taint analysis on binaries. The tool is flexible and extensible, so that it works with commodity software and hardware. It can be used to detect software vulnerabilities through vulnerability modeling and taint checking. We evaluate it on a number of commonly used real-world applications. The experimental results show that SwordDTA is capable of detecting at least four kinds of software vulnerabilities, including buffer overflow, integer overflow, division by zero and use-after-free, and is applicable to a wide range of software.
Source: Wuhan University Journal of Natural Sciences (CAS, CSCD), 2016, No. 1, pp. 10-20 (11 pages). 武汉大学学报(自然科学英文版)
Funding: Supported by the National High Technology Research and Development Program of China (863 Program) (2012AA012902) and the "HGJ" National Major Technological Projects (2013ZX01045-004).
Keywords: information security; software vulnerability detection; dynamic taint analysis; use-after-free