摘要: 针对程序漏洞,提出利用基于二进制的程序染色和程序分析技术来检测恶意攻击并有效定位程序漏洞,采用数据依赖关系分析和动态染色的方法,记录起传播作用的写指令及目的内存地址,当检测到漏洞攻击时,通过内存地址找到恶意写指令并定位漏洞。实验结果证明,该方法能成功定位常见内存漏洞的位置,并能定位到有漏洞的库函数的调用点。
关键词:
程序漏洞,
攻击检测,
程序染色,
缓冲区溢出,
格式化字符串
Abstract: This paper proposes an efficient mechanism to detect and locate the program vulnerability based on the binary taint analysis and program analysis techniques. The method adopts the data flow analysis and taint analysis. The taint analysis method records the instruction which propagates the taint flag as well as the memory address it writes to. When it detects the attack, it locates the bug by searching the malicious write instruction through the memory address it records. Results of experiments show that the system can localize popular vulnerabilities successfully, and it is able to localize library function call point.
Key words:
program vulnerability,
attack detection,
program tainting,
buffer overflow,
format string
中图分类号:
房 陈;茅 兵;谢 立. 基于动态染色的内存漏洞定位技术[J]. 计算机工程, 2010, 36(7): 139-141.
FANG Chen; MAO Bing; XIE Li. Memory-related Vulnerabilities Localization Technology Based on Dynamic Tainting[J]. Computer Engineering, 2010, 36(7): 139-141.