摘要
Use-after-free漏洞(简称UaF漏洞)是当前最流行的高危内存破坏漏洞。目前针对UaF漏洞的检测工作并不完善,原因是UaF漏洞产生的特征是分配内存、释放内存、使用已释放的内存并按顺序出现,而这3种事件可能出现在程序的任何位置,需要跟踪较长的执行序列并搜索潜在的危险事件序列才能检测到该漏洞,这很大程度上提高了检测的难度。该文针对UaF漏洞,分析了漏洞的产生原因、利用方式、带来的安全威胁以及漏洞检测技术面临的挑战,并设计和实现了一个基于静态分析和动态符号执行的面向二进制文件的UaF漏洞检测系统。经测试,该系统能够检测出已公开的UaF漏洞。通过该系统检测软件中的UaF漏洞,及时对软件进行修复或防护,可以有效提高软件的健壮性,减少UaF漏洞带来的安全隐患。
Use-after-free (UaF) vulnerabilities are one of the most common and risky memory corruption vulnerabilities. However, UaF vulnerabilities are difficult to detect. A UaF vulnerability is triggered if and only if three operations occur on the same memory region, in an order of allocating memory, freeing memory, and using the freed memory. These three operations may be conducted anywhere in the program in any order, so the analysis must track a long execution sequence and search for potential vulnerable event sequences to detect U'aF vulnerabilities. This study analyzes the root causes of UaF vulnerabilities, ways to exploit them, the severity of the threat and the challenges in detecting them. A solution is then given based on a static analysis and dynamic symbolic execution to detect UaF vulnerabilities in binaries. Tests show that this solution can detect known vulnerabilities in a benchmark. Thus, this detection system can be used to identify and fix bugs to improve application security.
出处
《清华大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2017年第10期1022-1029,共8页
Journal of Tsinghua University(Science and Technology)
基金
国家自然科学基金资助项目(61402125)
