
Research on Taint Backtracking Reverse Analysis Method of Network Encoding Protocol (网络编码协议污点回溯逆向分析方法研究)

Cited by: 9
Abstract: This paper proposes a taint backtracking method. First, the network application is dynamically debugged to locate its network interface functions and network output buffer, and to determine the minimal execution-trace interval for a single run. Second, execution-trace analysis computes all initial memory addresses within that trace interval. Third, a memory snapshot of the application is taken to cache the entry state of the trace interval, and that state is restored after each single execution of the computation. Finally, a taint-source localization algorithm obtains the addresses of the memory data as they were before encoding. Experimental results show that the method effectively locates pre-encoding memory addresses and applies to different types of encoding protocols, including encryption, compression and checksums. On the one hand, the pre-encoding memory data can be used to analyze the syntax of the encoding protocol, improving the syntax analysis of encoded protocols; on the other hand, the entry address of the encoding function together with the pre-encoding memory addresses can be used to generate network protocol test data that passes integrity checks, improving vulnerability discovery for encoded protocols.
Source: Netinfo Security (《信息网络安全》), CSCD, 2017, No. 1, pp. 68-76 (9 pages)
Funding: National 242 Information Security Program [2005C48]
Keywords: protocol reverse engineering; encoding protocol; taint backtracking
Related literature

References: 6

Secondary references: 40


Shared references: 26

Co-cited works: 62

Citing works: 9

Secondary citing works: 45
