In recent years,Android applications have caused personal privacy leaks frequently.In order to analyze the malicious behavior,taint analysis technology can be used to track the API call chain,build a control-flow grap...In recent years,Android applications have caused personal privacy leaks frequently.In order to analyze the malicious behavior,taint analysis technology can be used to track the API call chain,build a control-flow graph of function,and determine whether there is a security risk.However,with the continuous escalation of offensive and defensive confrontation of source code,more and more applications use reinforcement technology to prevent security practitioners from performing reverse analysis,therefore it is impossible to analyze function-behavior from the source code.Thus,we design a framework of taint analysis that applied to the Android applications,which automatically unpacks the Android APKs,restores the real source code of the App,performs taint analysis,and generates a control-flow graph of function.Experimental tests showed that the system can cope with the current mainstream reinforcement technology and restore the real Dex file quickly.Simultaneously,compared with the number of nodes before packing,the generated control-flow graph had an explosive increase,which effectively assisted manual analysis of App with the privacy leakage behaviors.展开更多
Smart contract has greatly improved the services and capabilities of blockchain,but it has become the weakest link of blockchain security because of its code nature.Therefore,efficient vulnerability detection of smart...Smart contract has greatly improved the services and capabilities of blockchain,but it has become the weakest link of blockchain security because of its code nature.Therefore,efficient vulnerability detection of smart contract is the key to ensure the security of blockchain system.Oriented to Ethereum smart contract,the study solves the problems of redundant input and low coverage in the smart contract fuzz.In this paper,a taint analysis method based on EVM is proposed to reduce the invalid input,a dangerous operation database is designed to identify the dangerous input,and genetic algorithm is used to optimize the code coverage of the input,which construct the fuzzing framework for smart contract together.Finally,by comparing Oyente and ContractFuzzer,the performance and efficiency of the framework are proved.展开更多
Smart contract has greatly improved the services and capabilities of blockchain,but it has become the weakest link of blockchain security because of its code nature.Therefore,efficient vulnerability detection of smart...Smart contract has greatly improved the services and capabilities of blockchain,but it has become the weakest link of blockchain security because of its code nature.Therefore,efficient vulnerability detection of smart contract is the key to ensure the security of blockchain system.Oriented to Ethereum smart contract,the study solves the problems of redundant input and low coverage in the smart contract fuzz.In this paper,a taint analysis method based on EVM is proposed to reduce the invalid input,a dangerous operation database is designed to identify the dangerous input,and genetic algorithm is used to optimize the code coverage of the input,which construct the fuzzing framework for smart contract together.Finally,by comparing Oyente and ContractFuzzer,the performance and efficiency of the framework are proved.展开更多
Software vulnerabilities are the root cause of various information security incidents while dynamic taint analysis is an emerging program analysis technique. In this paper, to maximize the use of the technique to dete...Software vulnerabilities are the root cause of various information security incidents while dynamic taint analysis is an emerging program analysis technique. In this paper, to maximize the use of the technique to detect software vulnerabilities, we present SwordDTA, a tool that can perform dynamic taint analysis for binaries. This tool is flexible and extensible that it can work with commodity software and hardware. It can be used to detect software vulnerabilities with vulnerability modeling and taint check. We evaluate it with a number of commonly used real-world applications. The experimental results show that SwordDTA is capable of detecting at least four kinds of softavare vulnerabilities including buffer overflow, integer overflow, division by zero and use-after-free, and is applicable for a wide range of software.展开更多
Proprietary(or semi-proprietary)protocols are widely adopted in industrial control systems(ICSs).Inferring protocol format by reverse engineering is important for many network security applications,e.g.,program tests ...Proprietary(or semi-proprietary)protocols are widely adopted in industrial control systems(ICSs).Inferring protocol format by reverse engineering is important for many network security applications,e.g.,program tests and intrusion detection.Conventional protocol reverse engineering methods have been proposed which are considered time-consuming,tedious,and error-prone.Recently,automatical protocol reverse engineering methods have been proposed which are,however,neither effective in handling binary-based ICS protocols based on network traffic analysis nor accurate in extracting protocol fields from protocol implementations.In this paper,we present a framework called the industrial control system protocol reverse engineering framework(ICSPRF)that aims to extract ICS protocol fields with high accuracy.ICSPRF is based on the key insight that an individual field in a message is typically handled in the same execution context,e.g.,basic block(BBL)group.As a result,by monitoring program execution,we can collect the tainted data information processed in every BBL group in the execution trace and cluster it to derive the protocol format.We evaluate our approach with six open-source ICS protocol implementations.The results show that ICSPRF can identify individual protocol fields with high accuracy(on average a 94.3%match ratio).ICSPRF also has a low coarse-grained and overly fine-grained match ratio.For the same metric,ICSPRF is more accurate than AutoFormat(88.5%for all evaluated protocols and 80.0%for binary-based protocols).展开更多
Grey-box fuzzing is an effective technology to detect software vulnerabilities,such as memory corruption.Previous fuzzers in detecting memory corruption bugs either use heavy-weight analysis,or use techniques which ar...Grey-box fuzzing is an effective technology to detect software vulnerabilities,such as memory corruption.Previous fuzzers in detecting memory corruption bugs either use heavy-weight analysis,or use techniques which are not customized for memory corruption detection.In this paper,we propose a novel memory bug guided fuzzer,ovAFLow.To begin with,we broaden the memory corruption targets where we frequently identify bugs.Next,ovAFLow utilizes light-weight and effective methods to build connections between the fuzzing inputs and these corruption targets.Based on the connection results,ovAFLow uses customized techniques to direct the fuzzing process closer to memory corruption.We evaluate ovAFLow against state-of-the-art fuzzers,including AFL(american fuzzy lop),AFLFast,FairPuzz,QSYM,Angora,TIFF,and TortoiseFuzz.The evaluation results show better vulnerability detection ability of ovAFLow,and the performance overhead is acceptable.Moreover,we identify 12 new memory corruption bugs and two CVEs(common vulnerability exposures)with the help of ovAFLow.展开更多
International brand names are losing their luster in China following product quality scandals and consumer service confusion Feng Yan, a white collar worker in Beijing, is passionate about luxurious brands. From handb...International brand names are losing their luster in China following product quality scandals and consumer service confusion Feng Yan, a white collar worker in Beijing, is passionate about luxurious brands. From handbags to household electrical appliances, she prefers paying more for world-famous names than buying cheaper goods by unknown manufacturer.展开更多
Separatist riots have damaged the reputation of lamas"The riots (in Gannan Tibetan Autonomous Prefecture) were staged by separatists. A small number of lamas also participated in the riots,and I was very sad abou...Separatist riots have damaged the reputation of lamas"The riots (in Gannan Tibetan Autonomous Prefecture) were staged by separatists. A small number of lamas also participated in the riots,and I was very sad about this."Those were the words of Jamyang Losang Jigme Tubdain Qoigyi Nyima,a living Buddha of the Labrang Monastery,speaking to Chinese and foreign reporters on April 9.展开更多
基金supported by Beijing Natural Science Foundation(No.4214061)。
文摘In recent years,Android applications have caused personal privacy leaks frequently.In order to analyze the malicious behavior,taint analysis technology can be used to track the API call chain,build a control-flow graph of function,and determine whether there is a security risk.However,with the continuous escalation of offensive and defensive confrontation of source code,more and more applications use reinforcement technology to prevent security practitioners from performing reverse analysis,therefore it is impossible to analyze function-behavior from the source code.Thus,we design a framework of taint analysis that applied to the Android applications,which automatically unpacks the Android APKs,restores the real source code of the App,performs taint analysis,and generates a control-flow graph of function.Experimental tests showed that the system can cope with the current mainstream reinforcement technology and restore the real Dex file quickly.Simultaneously,compared with the number of nodes before packing,the generated control-flow graph had an explosive increase,which effectively assisted manual analysis of App with the privacy leakage behaviors.
基金This work is supported by the National Key R&D Program of China(2017YFB0802703)Major Scientific and Technological Special Project of Guizhou Province(20183001)+2 种基金Open Foundation of Guizhou Provincial Key VOLUME XX,2019 Laboratory of Public Big Data(2018BDKFJJ014)Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data(2018BDKFJJ019)Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data(2018BDKFJJ022).
文摘Smart contract has greatly improved the services and capabilities of blockchain,but it has become the weakest link of blockchain security because of its code nature.Therefore,efficient vulnerability detection of smart contract is the key to ensure the security of blockchain system.Oriented to Ethereum smart contract,the study solves the problems of redundant input and low coverage in the smart contract fuzz.In this paper,a taint analysis method based on EVM is proposed to reduce the invalid input,a dangerous operation database is designed to identify the dangerous input,and genetic algorithm is used to optimize the code coverage of the input,which construct the fuzzing framework for smart contract together.Finally,by comparing Oyente and ContractFuzzer,the performance and efficiency of the framework are proved.
基金supported by Major Scientific and Technological Special Project of Guizhou Province(20183001)Exploration and Practice on the Education Mode for Engineering Students Based on Technology,Literature and art Inter-disciplinary Integration with the Internet+Background(022150118004/001)+2 种基金Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data(2018BDKFJJ014)Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data(2018BDKFJJ019)Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data(2018BDKFJJ022).
文摘Smart contract has greatly improved the services and capabilities of blockchain,but it has become the weakest link of blockchain security because of its code nature.Therefore,efficient vulnerability detection of smart contract is the key to ensure the security of blockchain system.Oriented to Ethereum smart contract,the study solves the problems of redundant input and low coverage in the smart contract fuzz.In this paper,a taint analysis method based on EVM is proposed to reduce the invalid input,a dangerous operation database is designed to identify the dangerous input,and genetic algorithm is used to optimize the code coverage of the input,which construct the fuzzing framework for smart contract together.Finally,by comparing Oyente and ContractFuzzer,the performance and efficiency of the framework are proved.
基金Supported by the National High Technology Research and Development Program of China(863 Program)(2012AA012902)the“HGJ”National Major Technological Projects(2013ZX01045-004)
文摘Software vulnerabilities are the root cause of various information security incidents while dynamic taint analysis is an emerging program analysis technique. In this paper, to maximize the use of the technique to detect software vulnerabilities, we present SwordDTA, a tool that can perform dynamic taint analysis for binaries. This tool is flexible and extensible that it can work with commodity software and hardware. It can be used to detect software vulnerabilities with vulnerability modeling and taint check. We evaluate it with a number of commonly used real-world applications. The experimental results show that SwordDTA is capable of detecting at least four kinds of softavare vulnerabilities including buffer overflow, integer overflow, division by zero and use-after-free, and is applicable for a wide range of software.
基金supported by the National Natural Science Foundation of China(No.61833015)。
文摘Proprietary(or semi-proprietary)protocols are widely adopted in industrial control systems(ICSs).Inferring protocol format by reverse engineering is important for many network security applications,e.g.,program tests and intrusion detection.Conventional protocol reverse engineering methods have been proposed which are considered time-consuming,tedious,and error-prone.Recently,automatical protocol reverse engineering methods have been proposed which are,however,neither effective in handling binary-based ICS protocols based on network traffic analysis nor accurate in extracting protocol fields from protocol implementations.In this paper,we present a framework called the industrial control system protocol reverse engineering framework(ICSPRF)that aims to extract ICS protocol fields with high accuracy.ICSPRF is based on the key insight that an individual field in a message is typically handled in the same execution context,e.g.,basic block(BBL)group.As a result,by monitoring program execution,we can collect the tainted data information processed in every BBL group in the execution trace and cluster it to derive the protocol format.We evaluate our approach with six open-source ICS protocol implementations.The results show that ICSPRF can identify individual protocol fields with high accuracy(on average a 94.3%match ratio).ICSPRF also has a low coarse-grained and overly fine-grained match ratio.For the same metric,ICSPRF is more accurate than AutoFormat(88.5%for all evaluated protocols and 80.0%for binary-based protocols).
基金supported by the National High-Level Personnel for Defense Technology Program of China under Grant No.2017-JCJQ-ZQ-013the National Natural Science Foundation of China under Grant Nos.61902405 and 61902412+2 种基金the Natural Science Foundation of Hunan Province of China under Grant No.2021JJ40692the Parallel and Distributed Processing Research Foundation under Grant No.6142110190404and the Research Project of National University of Defense Technology under Grant Nos.ZK20-09 and ZK20-17.
文摘Grey-box fuzzing is an effective technology to detect software vulnerabilities,such as memory corruption.Previous fuzzers in detecting memory corruption bugs either use heavy-weight analysis,or use techniques which are not customized for memory corruption detection.In this paper,we propose a novel memory bug guided fuzzer,ovAFLow.To begin with,we broaden the memory corruption targets where we frequently identify bugs.Next,ovAFLow utilizes light-weight and effective methods to build connections between the fuzzing inputs and these corruption targets.Based on the connection results,ovAFLow uses customized techniques to direct the fuzzing process closer to memory corruption.We evaluate ovAFLow against state-of-the-art fuzzers,including AFL(american fuzzy lop),AFLFast,FairPuzz,QSYM,Angora,TIFF,and TortoiseFuzz.The evaluation results show better vulnerability detection ability of ovAFLow,and the performance overhead is acceptable.Moreover,we identify 12 new memory corruption bugs and two CVEs(common vulnerability exposures)with the help of ovAFLow.
文摘International brand names are losing their luster in China following product quality scandals and consumer service confusion Feng Yan, a white collar worker in Beijing, is passionate about luxurious brands. From handbags to household electrical appliances, she prefers paying more for world-famous names than buying cheaper goods by unknown manufacturer.
文摘Separatist riots have damaged the reputation of lamas"The riots (in Gannan Tibetan Autonomous Prefecture) were staged by separatists. A small number of lamas also participated in the riots,and I was very sad about this."Those were the words of Jamyang Losang Jigme Tubdain Qoigyi Nyima,a living Buddha of the Labrang Monastery,speaking to Chinese and foreign reporters on April 9.
