
Computer Engineering (计算机工程), 2020, Vol. 46, Issue (10): 151-158. doi: 10.19678/j.issn.1000-3428.0055750

• Cyberspace Security •

Detection Method for Heap Overflow fastbin Attack Based on Symbolic Execution

ZHANG Chao1, PAN Zulie1, FAN Jing2

  1. College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China;
  2. Beihai Fleet, Qingdao, Shandong 266000, China
  • Received: 2019-08-15  Revised: 2019-11-18  Published: 2019-11-20
  • Author biographies: ZHANG Chao (born 1995), male, master's student, main research area: network security; PAN Zulie, associate professor, Ph.D.; FAN Jing, bachelor's degree.
  • Funding: National Key R&D Program of China, key project "Cyberspace Security" (2017YFB0802905).

Abstract: Existing automatic software vulnerability detection systems cannot automatically detect programs that contain heap overflow vulnerabilities. To address this problem, this paper proposes an automatic detection method for heap overflow fastbin attacks on the Linux platform. Based on existing fastbin attack instances, the characteristics of fastbin attacks are used to build a fastbin attack detection model, and a fastbin attack detection method is derived from that model. The method applies taint analysis and symbolic execution: by monitoring the key information as symbolic data reaches the vulnerability trigger point, it constructs the path constraints and the data constraints that must hold for a fastbin attack to be triggered. By solving these constraints, it decides whether the program is susceptible to a fastbin attack and generates a corresponding test case. Experimental results show that the proposed heap overflow fastbin attack detection method detects fastbin attacks accurately.

Key words: heap overflow, fastbin attack, symbolic execution, taint analysis, constraint construction
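As an added illustration (not the paper's implementation), the following Python models the two pieces such a detector combines: taint tracking on the fd field of a freed fastbin chunk, and the data constraint that a tainted fd must point at a location whose size field maps to the same fastbin, which is the check glibc itself performs before returning the chunk. FastbinMonitor, run_scenario and the heap addresses are assumptions constructed for this example.

```python
from dataclasses import dataclass, field

SIZE_BITS = 0x7  # PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA flag bits of a size field

def fastbin_index(chunk_size):
    """Fastbin list index for a chunk size (64-bit glibc formula)."""
    return (chunk_size >> 4) - 2

@dataclass
class FastbinMonitor:
    """Hypothetical detector state: size fields, fd links, bin heads, tainted fd values."""
    sizes: dict                                        # chunk addr -> raw size field
    fd: dict = field(default_factory=dict)             # chunk addr -> fd value
    tainted_targets: set = field(default_factory=set)  # fd values written from taint
    heads: dict = field(default_factory=dict)          # fastbin idx -> head chunk addr
    findings: list = field(default_factory=list)
    def free(self, addr):
        idx = fastbin_index(self.sizes[addr] & ~SIZE_BITS)
        self.fd[addr] = self.heads.get(idx, 0)         # link in front of current head
        self.heads[idx] = addr
    def tainted_write(self, addr, value):
        """A heap-overflow write lands on addr's fd field with tainted data."""
        self.fd[addr] = value
        self.tainted_targets.add(value)
    def malloc(self, chunk_size):
        idx = fastbin_index(chunk_size)
        victim = self.heads.get(idx, 0)
        if not victim:
            return 0                                   # bin empty, not modelled further
        # data constraint (glibc's own check): the popped chunk's size field must map
        # to this fastbin, otherwise the allocator aborts instead of returning it
        if fastbin_index(self.sizes.get(victim, 0) & ~SIZE_BITS) != idx:
            raise RuntimeError("malloc(): memory corruption (fast)")
        self.heads[idx] = self.fd.get(victim, 0)
        if victim in self.tainted_targets:  # trigger point: address chosen by tainted data
            self.findings.append(f"fastbin attack possible: malloc returns {victim:#x}")
        return victim

def run_scenario(fake_size):
    """Constructed case: free two 0x70 chunks, then an overflow rewrites the head's fd."""
    mon = FastbinMonitor(sizes={0x1000: 0x71, 0x1070: 0x71, 0x602000: fake_size})
    mon.free(0x1070)
    mon.free(0x1000)                     # fastbin[0x70]: 0x1000 -> 0x1070
    mon.tainted_write(0x1000, 0x602000)  # fd of the head now holds input-derived data
    served = []
    try:
        served.append(mon.malloc(0x70))
        served.append(mon.malloc(0x70))
    except RuntimeError as err:          # constraint unsatisfied: record the abort
        mon.findings.append(str(err))
    return served, mon.findings
```

Running run_scenario(0x70) reports the satisfiable case, while run_scenario(0x80) shows the same tainted fd being rejected by the size check.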
