Research on Object Driven Linux Kernel Crash Classification Technology
Abstract: Crash (program crash) analysis is a key stage of vulnerability discovery and exploitation, and accurate crash classification is a prerequisite for crash analysis and vulnerability exploitation. To address the large number of duplicate crashes among existing Linux kernel crashes, this paper proposes an object-driven Linux kernel crash classification method. The method models the relationship between kernel crashes and kernel objects as a bipartite graph, thereby turning the crash classification problem into a problem of comparing the similarity of kernel objects. First, the kernel objects related to a crash are extracted by performing backward taint analysis on the crash. Second, a kernel object call graph is constructed to calculate a measure of the correlation between the kernel and the root cause. Finally, based on these results, a bipartite graph is constructed to implement the crash similarity comparison algorithm. Based on this method, the paper develops a prototype system for Linux kernel crash classification. Experiments on real data sets verify the effectiveness and usability of the system, which remedies the coarse granularity and the large number of false positives of existing classification methods.
Authors: HE Linhao (何林浩); WEI Qiang (魏强); WANG Yunchao (王允超); GUO Zhimin (郭志民) (State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450001, China; State Grid Henan Electric Power Research Institute, Zhengzhou 450052, China)
Source: Journal of Chinese Computer Systems (《小型微型计算机系统》), CSCD, Peking University Core, 2024, Issue 4, pp. 926-932 (7 pages)
Funding: Supported by the National Key Research and Development Program of China (2017YFB0802901).
Keywords: crash classification; Linux kernel; kernel object; taint analysis