Abstract
Automated reverse analysis of cipher mechanisms in software plays an important role in vulnerability discovery, malware analysis, and protocol recovery. To address the incomplete mechanism analysis and poor readability of results in existing analysis methods, an automated, data-flow-based method for analyzing cipher mechanisms in software is presented. Dynamic binary instrumentation is used to obtain information on API calls while the software runs, from which the software behaviors related to cryptography are defined and identified. The cipher mechanisms in the software are then restored automatically from both a graphical and a semantic perspective, according to the data-flow relationships between those behaviors. The experimental results show that the method analyzes cipher mechanisms in software automatically and efficiently and detects potential security vulnerabilities.
Authors
HUANG Yuyao (黄宇垚)
GUANG Yan (光焱)
YANG Ju (杨巨)
KANG Fei (康绯)
Information Engineering University, Zhengzhou 450001, China
Source
Journal of Information Engineering University (《信息工程大学学报》)
2021, Issue 2, pp. 191-199 (9 pages)
Funding
Supported by the National Key Research and Development Program of China (2016YFB08011601).
Keywords
cipher mechanisms
semantic analysis
data flow
software behavior