Computer Engineering ›› 2013, Vol. 39 ›› Issue (3): 162-166. doi: 10.3969/j.issn.1000-3428.2013.03.032

• Security Technology •

Research on Cross-host Dynamic Taint Tracking Technology

REN Fei-fei 1, ZHUANG Hong-lin 2, WU Li-fa 2, PAN Fan 2

  (1. Chinese People’s Army 61660 Armed Forces, Beijing 100089, China; 2. Institute of Command Information System, PLA University of Science and Technology, Nanjing 210007, China)
  • Received: 2011-12-05 Online: 2013-03-15 Published: 2013-03-13
  • About the authors: REN Fei-fei (born 1988), male, master's student, main research interest: network security; ZHUANG Hong-lin, senior engineer, master's degree; WU Li-fa, professor, Ph.D.; PAN Fan, Ph.D. candidate
  • Supported by:
    Natural Science Foundation of Jiangsu Province (BK2011115)

Abstract: To solve the problem that dynamic taint tracking systems cannot track taint across hosts, a taint tracking method based on Application Programming Interface (API) Hook is presented, built on the Temu system. Hook plug-ins intercept the network I/O related system calls, embedding Hook services into API function calls to accomplish cross-host taint propagation. At the sender, the Hook plug-in encapsulates the taint data together with its taint information. At the receiver, the Hook plug-in parses the data packets and marks the taint data as tainted according to the taint information, so that cross-host dynamic taint tracking is realized. Experimental results indicate that the prototype system based on this method can implement cross-host taint propagation, which supports the application of dynamic taint tracking in distributed environments.

Key words: dynamic taint tracking, Temu system, data flow, dynamic binary analysis, Application Programming Interface (API) Hook
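
An added illustration of the sender-side encapsulation and receiver-side marking described in the abstract (not code from the paper or from Temu). The page does not give the wire format, so the frame layout, the `TNT1` marker and the names `send_hook` / `recv_hook` are assumptions made here; the receiver rejects frames whose taint ranges do not fit the payload.

```python
import struct

MAGIC = b"TNT1"                      # constructed marker, not from the paper
HDR = struct.Struct("!4sIH")         # magic, payload length, range count
RNG = struct.Struct("!IIH")          # offset, length, taint label


def to_ranges(shadow):
    """Collapse a per-byte label list (0 = clean) into (offset, length, label) runs."""
    runs, start = [], 0
    for i in range(1, len(shadow) + 1):
        if i == len(shadow) or shadow[i] != shadow[start]:
            if shadow[start]:
                runs.append((start, i - start, shadow[start]))
            start = i
    return runs


def send_hook(payload, shadow):
    """Sender side: wrap the outgoing buffer with its taint information."""
    if len(shadow) != len(payload):
        raise ValueError("shadow map must cover the payload byte for byte")
    runs = to_ranges(shadow)
    head = HDR.pack(MAGIC, len(payload), len(runs))
    return head + b"".join(RNG.pack(*r) for r in runs) + payload


def recv_hook(frame):
    """Receiver side: strip the header, rebuild the shadow map for the payload."""
    if len(frame) < HDR.size:
        raise ValueError("truncated header")
    magic, plen, count = HDR.unpack_from(frame, 0)
    body = HDR.size + count * RNG.size
    if magic != MAGIC or len(frame) != body + plen:
        raise ValueError("bad magic or length mismatch")
    shadow = [0] * plen
    for k in range(count):
        off, length, label = RNG.unpack_from(frame, HDR.size + k * RNG.size)
        if label == 0 or off + length > plen:
            raise ValueError("taint range outside payload")
        shadow[off:off + length] = [label] * length
    return frame[body:], shadow
```

Because the taint header arrives over the network, the receiver treats it as untrusted input: a range that points past the payload must never reach the shadow memory of the receiving host.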
