期刊文献+
共找到10篇文章
< 1 >
每页显示 20 50 100
A Taint Analysis Framework Applied to Android Applications in the Packed State
1
作者 Shouying Bai Lu Ma +1 位作者 Huan Ma Wei Liu 《China Communications》 SCIE CSCD 2023年第3期336-346,共11页
In recent years,Android applications have caused personal privacy leaks frequently.In order to analyze the malicious behavior,taint analysis technology can be used to track the API call chain,build a control-flow grap... In recent years,Android applications have caused personal privacy leaks frequently.In order to analyze the malicious behavior,taint analysis technology can be used to track the API call chain,build a control-flow graph of function,and determine whether there is a security risk.However,with the continuous escalation of offensive and defensive confrontation of source code,more and more applications use reinforcement technology to prevent security practitioners from performing reverse analysis,therefore it is impossible to analyze function-behavior from the source code.Thus,we design a framework of taint analysis that applied to the Android applications,which automatically unpacks the Android APKs,restores the real source code of the App,performs taint analysis,and generates a control-flow graph of function.Experimental tests showed that the system can cope with the current mainstream reinforcement technology and restore the real Dex file quickly.Simultaneously,compared with the number of nodes before packing,the generated control-flow graph had an explosive increase,which effectively assisted manual analysis of App with the privacy leakage behaviors. 展开更多
关键词 privacy disclosure unpacked technology taint analysis
下载PDF
Smart Contract Fuzzing Based on Taint Analysis and Genetic Algorithms 被引量:1
2
作者 Zaoyu Wei Jiaqi Wang +1 位作者 Xueqi Shen Qun Luo 《Journal of Quantum Computing》 2020年第1期11-24,共14页
Smart contract has greatly improved the services and capabilities of blockchain,but it has become the weakest link of blockchain security because of its code nature.Therefore,efficient vulnerability detection of smart... Smart contract has greatly improved the services and capabilities of blockchain,but it has become the weakest link of blockchain security because of its code nature.Therefore,efficient vulnerability detection of smart contract is the key to ensure the security of blockchain system.Oriented to Ethereum smart contract,the study solves the problems of redundant input and low coverage in the smart contract fuzz.In this paper,a taint analysis method based on EVM is proposed to reduce the invalid input,a dangerous operation database is designed to identify the dangerous input,and genetic algorithm is used to optimize the code coverage of the input,which construct the fuzzing framework for smart contract together.Finally,by comparing Oyente and ContractFuzzer,the performance and efficiency of the framework are proved. 展开更多
关键词 Smart contract FUZZING taint analysis genetic algorithms
下载PDF
Smart Contract Fuzzing Based on Taint Analysis and Genetic Algorithms
3
作者 Zaoyu Wei Jiaqi Wang +1 位作者 Xueqi Shen Qun Luo 《Journal of Information Hiding and Privacy Protection》 2020年第1期35-45,共11页
Smart contract has greatly improved the services and capabilities of blockchain,but it has become the weakest link of blockchain security because of its code nature.Therefore,efficient vulnerability detection of smart... Smart contract has greatly improved the services and capabilities of blockchain,but it has become the weakest link of blockchain security because of its code nature.Therefore,efficient vulnerability detection of smart contract is the key to ensure the security of blockchain system.Oriented to Ethereum smart contract,the study solves the problems of redundant input and low coverage in the smart contract fuzz.In this paper,a taint analysis method based on EVM is proposed to reduce the invalid input,a dangerous operation database is designed to identify the dangerous input,and genetic algorithm is used to optimize the code coverage of the input,which construct the fuzzing framework for smart contract together.Finally,by comparing Oyente and ContractFuzzer,the performance and efficiency of the framework are proved. 展开更多
关键词 Smart contract FUZZING taint analysis genetic algorithms
下载PDF
SwordDTA: A Dynamic Taint Analysis Tool for Software Vulnerability Detection 被引量:4
4
作者 CAI Jun ZOU Peng +1 位作者 MA Jinxin HE Jun 《Wuhan University Journal of Natural Sciences》 CAS CSCD 2016年第1期10-20,共11页
Software vulnerabilities are the root cause of various information security incidents while dynamic taint analysis is an emerging program analysis technique. In this paper, to maximize the use of the technique to dete... Software vulnerabilities are the root cause of various information security incidents while dynamic taint analysis is an emerging program analysis technique. In this paper, to maximize the use of the technique to detect software vulnerabilities, we present SwordDTA, a tool that can perform dynamic taint analysis for binaries. This tool is flexible and extensible that it can work with commodity software and hardware. It can be used to detect software vulnerabilities with vulnerability modeling and taint check. We evaluate it with a number of commonly used real-world applications. The experimental results show that SwordDTA is capable of detecting at least four kinds of softavare vulnerabilities including buffer overflow, integer overflow, division by zero and use-after-free, and is applicable for a wide range of software. 展开更多
关键词 information security software vulnerability detection dynamic taint analysis use-after-free
原文传递
Automatic protocol reverse engineering for industrial control systems with dynamic taint analysis 被引量:4
5
作者 Rongkuan MA Hao ZHENG +3 位作者 Jingyi WANG Mufeng WANG Qiang WEI Qingxian WANG 《Frontiers of Information Technology & Electronic Engineering》 SCIE EI CSCD 2022年第3期351-360,共10页
Proprietary(or semi-proprietary)protocols are widely adopted in industrial control systems(ICSs).Inferring protocol format by reverse engineering is important for many network security applications,e.g.,program tests ... Proprietary(or semi-proprietary)protocols are widely adopted in industrial control systems(ICSs).Inferring protocol format by reverse engineering is important for many network security applications,e.g.,program tests and intrusion detection.Conventional protocol reverse engineering methods have been proposed which are considered time-consuming,tedious,and error-prone.Recently,automatical protocol reverse engineering methods have been proposed which are,however,neither effective in handling binary-based ICS protocols based on network traffic analysis nor accurate in extracting protocol fields from protocol implementations.In this paper,we present a framework called the industrial control system protocol reverse engineering framework(ICSPRF)that aims to extract ICS protocol fields with high accuracy.ICSPRF is based on the key insight that an individual field in a message is typically handled in the same execution context,e.g.,basic block(BBL)group.As a result,by monitoring program execution,we can collect the tainted data information processed in every BBL group in the execution trace and cluster it to derive the protocol format.We evaluate our approach with six open-source ICS protocol implementations.The results show that ICSPRF can identify individual protocol fields with high accuracy(on average a 94.3%match ratio).ICSPRF also has a low coarse-grained and overly fine-grained match ratio.For the same metric,ICSPRF is more accurate than AutoFormat(88.5%for all evaluated protocols and 80.0%for binary-based protocols). 展开更多
关键词 Industrial control system(ICS) ICS protocol reverse engineering Dynamic taint analysis Protocol format
原文传递
ELAID:detecting integer-Overflow-to-Buffer-Overflow vulnerabilities by light-weight and accurate static analysis 被引量:1
6
作者 Lili Xu Mingjie Xu +1 位作者 Feng Li Wei Huo 《Cybersecurity》 CSCD 2020年第1期248-266,共19页
The Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability has been widely exploited by attackers to cause severe damages to computer systems.Automatically identifying this kind of vulnerability is critical for softw... The Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability has been widely exploited by attackers to cause severe damages to computer systems.Automatically identifying this kind of vulnerability is critical for software security.Despite many works have been done to mitigate integer overflow,existing tools either report large number of false positives or introduce unacceptable time consumption.To address this problem,in this article we present a static analysis framework.It first constructs an inter-procedural call graph and utilizes taint analysis to accurately identify potential IO2BO vulnerabilities.Then it uses a light-weight method to further filter out false positives.Specifically,it generates constraints representing the conditions under which a potential IO2BO vulnerability can be triggered,and feeds the constraints to SMT solver to decide their satisfiability.We have implemented a prototype system ELAID based on LLVM,and evaluated it on 228 programs of the NIST’s SAMATE Juliet test suite and 14 known IO2BO vulnerabilities in real world.The experiment results show that our system can effectively and efficiently detect all known IO2BO vulnerabilities. 展开更多
关键词 Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability Inter-procedural dataflow analysis taint analysis Path satisfiability
原文传递
ELAID:detecting integer-Overflow-to-Buffer-Overflow vulnerabilities by light-weight and accurate static analysis
7
作者 Lili Xu Mingjie Xu +1 位作者 Feng Li Wei Huo 《Cybersecurity》 2018年第1期860-878,共19页
The Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability has been widely exploited by attackers to cause severe damages to computer systems.Automatically identifying this kind of vulnerability is critical for softw... The Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability has been widely exploited by attackers to cause severe damages to computer systems.Automatically identifying this kind of vulnerability is critical for software security.Despite many works have been done to mitigate integer overflow,existing tools either report large number of false positives or introduce unacceptable time consumption.To address this problem,in this article we present a static analysis framework.It first constructs an inter-procedural call graph and utilizes taint analysis to accurately identify potential IO2BO vulnerabilities.Then it uses a light-weight method to further filter out false positives.Specifically,it generates constraints representing the conditions under which a potential IO2BO vulnerability can be triggered,and feeds the constraints to SMT solver to decide their satisfiability.We have implemented a prototype system ELAID based on LLVM,and evaluated it on 228 programs of the NIST’s SAMATE Juliet test suite and 14 known IO2BO vulnerabilities in real world.The experiment results show that our system can effectively and efficiently detect all known IO2BO vulnerabilities. 展开更多
关键词 Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability Inter-procedural dataflow analysis taint analysis Path satisfiability
原文传递
基于污点和概率的逃逸恶意软件多路径探索
8
作者 徐钫洲 张网 +1 位作者 羌卫中 金海 《Security and Safety》 2023年第3期83-106,共24页
Static analysis is often impeded by malware obfuscation techniques,such as encryption and packing,whereas dynamic analysis tends to be more resistant to obfuscation by leveraging concrete execution information.Unfortu... Static analysis is often impeded by malware obfuscation techniques,such as encryption and packing,whereas dynamic analysis tends to be more resistant to obfuscation by leveraging concrete execution information.Unfortunately,malware can employ evasive techniques to detect the analysis environment and alter its behavior accordingly.While known evasive techniques can be explicitly dismantled,the challenge lies in generically dismantling evasions without full knowledge of their conditions or implementations,such as logic bombs that rely on uncertain conditions,let alone unsupported evasive techniques,which contain evasions without corresponding dismantling strategies and those leveraging unknown implementations.In this paper,we present Antitoxin,a prototype for automatically exploring evasive malware.Antitoxin utilizes multi-path exploration guided by taint analysis and probability calculations to effectively dismantle evasive techniques.The probabilities of branch execution are derived from dynamic coverage,while taint analysis helps identify paths associated with evasive techniques that rely on uncertain conditions.Subsequently,Antitoxin prioritizes branches with lower execution probabilities and those influenced by taint analysis for multi-path exploration.This is achieved through forced execution,which forcefully sets the outcomes of branches on selected paths.Additionally,Antitoxin employs active anti-evasion countermeasures to dismantle known evasive techniques,thereby reducing exploration overhead.Furthermore,Antitoxin provides valuable insights into sensitive behaviors,facilitating deeper manual analysis.Our experiments on a set of highly evasive samples demonstrate that Antitoxin can effectively dismantle evasive techniques in a generic manner.The probability calculations guide the multi-path exploration of evasions without requiring prior knowledge of their conditions or implementations,enabling the dismantling of unsupported techniques such as C2 and significantly improving efficiency compared to linear exploration when dealing with complex control flows.Additionally,taint analysis can accurately identify branches related to logic bombs,facilitating preferential exploration. 展开更多
关键词 Malware analysis dynamic binary instrumentation forced execution taint analysis evasion detection
原文传递
From proof-of-concept to exploitable 被引量:1
9
作者 Yan Wang WeiWu +3 位作者 Chao Zhang Xinyu Xing Xiaorui Gong Wei Zou 《Cybersecurity》 CSCD 2019年第1期189-213,共25页
Exploitability assessment of vulnerabilities is important for both defenders and attackers.The ultimate way to assess the exploitability is crafting a working exploit.However,it usually takes tremendous hours and sign... Exploitability assessment of vulnerabilities is important for both defenders and attackers.The ultimate way to assess the exploitability is crafting a working exploit.However,it usually takes tremendous hours and significant manual efforts.To address this issue,automated techniques can be adopted.Existing solutions usually explore in depth the crashing paths,i.e.,paths taken by proof-of-concept(PoC)inputs triggering vulnerabilities,and assess exploitability by finding exploitable states along the paths.However,exploitable states do not always exist in crashing paths.Moreover,existing solutions heavily rely on symbolic execution and are not scalable in path exploration and exploit generation.In this paper,we propose a novel solution to generate exploit for userspace programs or facilitate the process of crafting a kernel UAF exploit.Technically,we utilize oriented fuzzing to explore diverging paths from vulnerability point.For userspace programs,we adopt a control-flow stitching solution to stitch crashing paths and diverging paths together to generate exploit.For kernel UAF,we leverage a lightweight symbolic execution to identify,analyze and evaluate the system calls valuable and useful for exploiting vulnerabilities.We have developed a prototype system and evaluated it on a set of 19 CTF(capture the flag)programs and 15 realworld Linux kernel UAF vulnerabilities.Experiment results showed it could generate exploit for most of the userspace test set,and it could also facilitate security mitigation bypassing and exploitability evaluation for kernel test set. 展开更多
关键词 EXPLOIT VULNERABILITY taint analysis FUZZING Symbolic execution
原文传递
From proof-of-concept to exploitable
10
作者 Yan Wang WeiWu +3 位作者 Chao Zhang Xinyu Xing Xiaorui Gong Wei Zou 《Cybersecurity》 2018年第1期464-488,共25页
Exploitability assessment of vulnerabilities is important for both defenders and attackers.The ultimate way to assess the exploitability is crafting a working exploit.However,it usually takes tremendous hours and sign... Exploitability assessment of vulnerabilities is important for both defenders and attackers.The ultimate way to assess the exploitability is crafting a working exploit.However,it usually takes tremendous hours and significant manual efforts.To address this issue,automated techniques can be adopted.Existing solutions usually explore in depth the crashing paths,i.e.,paths taken by proof-of-concept(PoC)inputs triggering vulnerabilities,and assess exploitability by finding exploitable states along the paths.However,exploitable states do not always exist in crashing paths.Moreover,existing solutions heavily rely on symbolic execution and are not scalable in path exploration and exploit generation.In this paper,we propose a novel solution to generate exploit for userspace programs or facilitate the process of crafting a kernel UAF exploit.Technically,we utilize oriented fuzzing to explore diverging paths from vulnerability point.For userspace programs,we adopt a control-flow stitching solution to stitch crashing paths and diverging paths together to generate exploit.For kernel UAF,we leverage a lightweight symbolic execution to identify,analyze and evaluate the system calls valuable and useful for exploiting vulnerabilities.We have developed a prototype system and evaluated it on a set of 19 CTF(capture the flag)programs and 15 realworld Linux kernel UAF vulnerabilities.Experiment results showed it could generate exploit for most of the userspace test set,and it could also facilitate security mitigation bypassing and exploitability evaluation for kernel test set. 展开更多
关键词 EXPLOIT VULNERABILITY taint analysis FUZZING Symbolic execution
原文传递
上一页 1 下一页 到第
使用帮助 返回顶部