
Computer Engineering (计算机工程) ›› 2021, Vol. 47 ›› Issue (1): 109-116. doi: 10.19678/j.issn.1000-3428.0056671

• Cyberspace Security •

A gadget semantic analysis technique based on expression trees

JIANG Chu, WANG Yongjie

  1. College of Electronic Countermeasures, National University of Defense Technology, Hefei 230037
  • Received: 2019-11-21 Revised: 2019-12-31 Published: 2020-01-09
  • About the authors: JIANG Chu (1995-), male, master's student, main research area software security; WANG Yongjie, associate professor.
  • Funding:
    National ministry fund.

A Technique of gadget Semantic Analysis Based on Expression Tree

JIANG Chu, WANG Yongjie   

  1. College of Electronic Countermeasures, National University of Defense Technology, Hefei 230037, China
  • Received:2019-11-21 Revised:2019-12-31 Published:2020-01-09

Abstract (Chinese version): Implementing a code reuse attack is a fairly involved process that usually requires tools to assist the manual construction of a gadget sequence, but existing automated construction tools are inefficient. Based on an analysis of the semantic analysis performed by typical open-source gadget tools such as Ropper, angrop and BOPC, this paper summarizes the elements that gadget semantic analysis should include and proposes an expression-tree-based gadget semantic analysis method. A variant of the expression tree describes the expression information for register and memory reads and writes, which improves the efficiency of gadget semantic analysis. A gadget search and semantic analysis tool, SemExpr, is implemented. To address the difficulty of comparing existing gadget tools, an experimental system, gadgetAnalysis, is designed that can analyze the efficiency and effectiveness of multiple gadget tools. Experiments on this system show that SemExpr balances efficiency and effectiveness and achieves good semantic analysis results.

Keywords: code reuse attack, automated gadget sequence construction, semantic analysis, semantic summary, gadget tool

Abstract: Due to the complexity of implementing a Code Reuse Attack (CRA), some tools are required to construct the gadget sequence, but the existing automated build tools are inefficient. Based on the semantic analysis of typical open-source gadget tools such as Ropper, angrop and BOPC, this paper abstracts the elements that should be included in the semantic analysis of gadgets and puts forward a semantic analysis method for gadgets based on expression trees. The method improves the efficiency of gadget semantic analysis by using a variant of the expression tree to describe the expression information of reads and writes to registers and memory. On this basis, a gadget search and semantic analysis tool named SemExpr is implemented. As it is difficult to compare and analyze the existing tools, an experimental system named gadgetAnalysis is designed to analyze and compare the efficiency and performance of several gadget tools. Experimental results show that SemExpr can balance efficiency and performance and achieve an excellent semantic analysis effect.

Key words: Code Reuse Attack(CRA), automated gadget sequence generation, semantic analysis, semantic summary, gadget tool
