计算机工程

• 安全技术 • 上一篇    下一篇

漏洞利用工具研发框架研究

王炎,刘嘉勇,刘亮,贾鹏,刘露平   

  1. (四川大学 信息安全研究所,成都 610065)
  • 收稿日期:2017-04-19 出版日期:2018-03-15 发布日期:2018-03-15
  • 作者简介:王炎(1992—),男,硕士研究生,主研方向为Windows安全、漏洞挖掘;刘嘉勇,教授、博士生导师;刘亮,讲师、博士;贾鹏、刘露平,博士研究生。

Research on Vulnerability Utilization Tool Development Framework

WANG Yan,LIU Jiayong,LIU Liang,JIA Peng,LIU Luping   

  1. (Information Security Institute,Sichuan University,Chengdu 610065,China)
  • Received:2017-04-19 Online:2018-03-15 Published:2018-03-15

摘要: 目前已有的漏洞利用平台支持的二进制漏洞种类不多,并且这些平台的灵活性和开发效率较低,缺少专门针对二进制漏洞利用工具的研发和生成系统。为此,提出一种新的二进制漏洞利用工具自动化生成框架。把漏洞利用过程模块化,通过多种模块组合的方式快速灵活地进行漏洞利用工具的研发和自动化生成。针对每个模块的不同特点,采用不同的设计方案,以实现更短的开发周期和更高的开发效率。实验结果表明,该框架简单易用,具有较高的灵活性和扩展性。

关键词: 漏洞利用, 二进制漏洞, 模块化, shellcode模块, 研发框架

Abstract: At present,the number of binary vulnerabilities supported by existing vulnerability utilization platforms is not much,and the flexibility and development efficiency of these platforms is low.There are few utilization tool R & D and generation systems specifically for binary vulnerabilities.Therefore,this paper presents a new automatic generation framework for binary vulnerability exploit tool.The framework modularizes the exploit process.The development and automation of vulnerability utilization tools are quickly and flexibly generated through a variety of modular combinations.According to the different characteristics of each module,different design is used to achieve a shorter development cycle and higher development efficiency.Experimental results show that the framework is simple and easy to use,with high flexibility and extensibility.

Key words: vulnerability utilization, binary vulnerability, modularization, shellcode module, development framework

中图分类号: