您好,欢迎访问三七文档
当前位置:首页 > 电子/通信 > 数据通信与网络 > 基于动态污点分析的漏洞攻击检测技术研究与实现
I 摘要当今软件系统不断增加的规模和复杂度导致了越来越多的安全漏洞的出现。其中昀为著名的有缓冲区溢出漏洞、格式化字符串漏洞、SQL注入漏洞和跨站脚本漏洞等。攻击者可以利用这些漏洞改变程序原来的执行流程,执行攻击者自己编写的恶意代码,破坏用户程序或者偷取用户敏感信息。鉴于漏洞攻击所造成的强大破坏力以及对信息安全的威胁,国内外在漏洞攻击检测方面已有了一些较深入的研究。然而目前这些技术存在诸多不足,基于编译时期动态跟踪污点信息的检测技术,不能检测针对用非类型安全语言编写的应用程序。基于源代码分析的检测技术,不能检测针对第三方库的漏洞攻击,并且缺少运行时信息的支持,有较高的误报漏报率。本文在对漏洞攻击原理的深入分析以及对国内外相关研究技术的大量调研基础上提出了一种新型的漏洞攻击检测技术—基于动态污点分析的漏洞攻击检测技术。该方法动态的跟踪程序运行时对数据的处理,并记录处理过程中数据的传播,找出目的数据结果与源数据之间的依赖关系,从而达到检测漏洞攻击的目的。本文的主要贡献如下:(1)实现了基于控制流的污点信息传播方法。本文不仅实现了基于数据流的污点传播过程,同时也考虑到了信息流的控制依赖关系。提出了启发式的CFG动态构建,通过指令映射、基本块组合和postdominate树构造,建立起信息流之间的控制依赖关系,并且通过控制流分析算法实现了基于控制流的污点传播过程。(2)实现了更为严谨的安全检测策略。本文通过对目前主流漏洞攻击原理的深入分析,提出使用MBSL语言结合正则表达式更为严谨的定义了安全检测策略,解决了宽松的安全检测策略所带来的漏报问题,能够检测出更多种类的漏洞攻击。(3)实现了基于动态污点分析的漏洞攻击检测原型系统。该系统通过动态跟踪二进制目标程序运行时的信息流传播,检测并阻止外部不可信数据用于非安全的数据操作,从而扼制了攻击的源头。该系统不需要对目标程序源代码进行分析,能够适用于商业软件,并且在漏洞攻击检测上有着较低的漏报和误报率。本文昀 II 后的系统测试从功能和性能两个方面证明了原型系统的可行性和有效性。关键词:动态污点分析,信息流,控制流,漏洞攻击 III ABSTRACTTheincreasingsizeandcomplexityofmodernsoftwaresystemsleadtoanincreasingnumberofsecurityvulnerabilities.Well-knownexamplesincludebufferoverflow,formatstring,SQLinjection,andcross-sitescriptingvulnerability.Thesevulnerabilitiesallowmalicioususerstolaunchattacksbyexecutingarbitrarycode,causingseveredamagestotherunningprocessorstealingsensitivedataonavulnerablesystem.Inviewofthevulnerabilitiescausedbydestructivepower,andthreatstoinformationsecurity,thedetectionofexploitsathomeandabroadhavesomemorein-depthstudy.However,thesetechnologieshasmanydeficiencies,staininformation,detectiontechnologybasedoncompile-timedynamictrackingapplicationswrittenfornon-type-safelanguagecannotbedetected.Detectiontechniquesbasedonsourcecodeanalysis,cannotdetectexploitsagainstthird-partylibraries,andthelackofinformationintherun-timesupport,haveahigherfalsepositiveandfalsenegativerate.Inthisthesis,anewtypeofexploitdetectiontechnology-basedondynamictaintanalysis,exploitdetectiontechnologyexploitstheprincipleofin-depthanalysisandrelatedtechnologyresearchbasis.Trackingprogramforthemethodofdynamicrun-timedataprocessing,andrecordthespreadofdataprocessingtoidentifythedependenciesbetweenthepurposeofdataresultswiththesourcedata,soastoachievethepurposeofdetectingexploits.Themaincontributionofthisthesisisasfollows:(1)implementedaspreadbasedonthecontrolflowofthestain.Thisarticlenotonlytoachieveastream-basedstaincommunicationprocess,butalsotakesintoaccounttheinformationflowcontroldependencies.ProposedheuristicCFGdynamicallybuildthroughtheinstructionmapping,thebasicblockcombinationandpdomoftreeconstruction,andestablishcontroldependenciesbetweeninformationflowandcontrolflowanalysisalgorithmbasedoncontrolflowstaincommunicationprocess,tosolvethedynamictaintanalysisdetectedblindspotproblem.(2)Establishamorerigoroussafetytestingstrategy.Thisarticlebythemainstream IV exploitstheprincipleofin-depthanalysisofMBSLlanguagecombinedwiththeregularexpressionmorerigorousdefinitionofthesafetytestingstrategiestosolvetheproblemoflaxsecuritytestingstrategyunderreportingcandetectawiderrangeofexploits.(3)implementedaprototypedetectionsystembasedondynamictaintanalysisexploits.Thesystembydynamicallytrackingthespreadoftheflowofinformationinthebinaryobjectprogramatruntimetodetectandpreventuntrustedexternaldatafornon-safetydatamanipulation,andtherebycontainthesourceoftheattack.Thesystemdoesnotneedtoanalyzethetargetprogramsourcecode,canbeappliedtoallcommercialsoftware,exploitdetection,lowfalsenegativeandfalsepositiverate.Thelastexperimentofthispaperfromtwoaspectsofthefunctionalityandperformancetoprovethefeasibilityandeffectivenessoftheprototypesystem.Keywords:dynamictainting,informationflow,controlflow,exploit V 目录 第一章绪论.........................................................11.1研究目的与意义...................................................11.2研究现状.........................................................31.3论文主要工作.....................................................51.4论文的组织结构...................................................5第二章漏洞攻击与检测技术相关研究...................................62.1漏洞攻击技术研究.................................................62.1.1安全漏洞简介..............................................62.1.1.1安全漏洞定义........................................62.1.1.2安全漏洞分类........................................72.1.2缓冲区溢出攻击............................................82.1.2.1缓冲区溢出原理......................................82.1.2.2栈溢出攻击技术......................................92.1.2.3堆溢出攻击技术.....................................112.1.3SQL注入攻击..............................................132.1.4格式化字符串攻击.........................................142.1.5目录遍历攻击.............................................152.2漏洞攻击检测防御技术研究........................................172.2.1传统的检测技术研究.......................................172.2.1.1非执行栈技术.......................................172.2.1.2非执行堆与数据技术.................................172.2.1.3内存映射技术.......................................182.2.1.4地址空间随机化技术.................................182.2.1.5误用攻击检测.......................................19 VI 2.2.1.6异常攻击检测.......................
本文标题:基于动态污点分析的漏洞攻击检测技术研究与实现
链接地址:https://www.777doc.com/doc-5078968 .html