摘要
在虚函数执行中,由于错误操作C++对象的虚函数表而引起数组溢出漏洞。通过攻击虚函数造成系统崩溃,甚至导致攻击者可直接控制程序执行,严重威胁用户安全。为尽早发现并修复此类安全漏洞,对该安全漏洞的挖掘技术进行深入研究,结合MS Word解析RTF文件和虚函数调用之间的联系,发现MS Word在解析异常的RTF文件时存在数组溢出漏洞,并进一步提出基于文件结构解析的Fuzzing测试方法来挖掘RTF数组溢出漏洞。在此基础上,设计了RTF数组溢出漏洞挖掘工具(RAVD,RTF array vulnerability detector)。通过RAVD对RTF文件进行测试,能够正确挖掘出数组溢出漏洞。实际的模糊测试表明,设计的工具相比传统的漏洞挖掘工具具有更高的挖掘效率。
When the virtual function was executed, it could cause array overflow vulnerability due to error operation of the virtual function table of C++ object. By attacking the virtual function, it could cause the system crash, or even the at- tacker to control the execution of program directly was allowed, which threatened user's security seriously. In order to find and fix this potential security vulnerability as soon as possible, the technology for detecting such security vulnerabil- ity was studied. Based on the analysis of the virtual function call during the MS Word parsing RTF files, the array over- flow vulnerability generated by MS Word parsing abnormal RTF files, and a new RTF array overflow vulnerability detec- tion method based on the file structure analytical Fuzzing was proposed. Besides, an RTF array overflow vulnerability detection tool (RAVD, RTF array vulnerability detector) was designed. The test results show RAVD can detect RTF array overflow vulnerabilities correctly. Moreover, the Fuzzing results show RAVD has higher efficiency in comparison with traditional file Fuzzing tools.
出处
《通信学报》
EI
CSCD
北大核心
2017年第5期96-107,共12页
Journal on Communications
基金
国家自然科学基金资助项目(No.61202440
No.61402057)
江苏省产学研前瞻性联合研究基金资助项目(No.BY2016050-01)
江苏省科技计划基金资助项目(No.BK20160411)~~
