Abstract: To address the inability of dynamic taint tracking systems to follow taint across hosts, this paper presents a taint tracking method based on Application Programming Interface (API) Hook, built on the Temu system. Hook plug-ins intercept the network I/O related system calls, embedding Hook services into the API function calls to accomplish cross-host taint propagation. At the sender, the Hook plug-in encapsulates the taint data together with its taint information. At the receiver, the Hook plug-in parses the data packets and marks the taint data as tainted according to that taint information, so that cross-host dynamic taint tracking is realized. Experimental results show that a prototype system based on this method can implement cross-host taint propagation, which supports the application of dynamic taint tracking in distributed environments.
Key words:
dynamic taint tracking,
Temu system,
data flow,
dynamic binary analysis,
Application Programming Interface (API) Hook
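The sender-side encapsulation and receiver-side marking described in the abstract, as an added example that is not code from the paper or from Temu. The wire format (a `TNT1` magic, a 2-byte length, then a per-byte taint bitmap ahead of the payload), the function names `wrap_send` and `unwrap_recv`, and the one-flag-per-byte shadow arrays are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAGIC "TNT1"   /* assumed marker for an encapsulated packet */
#define HDR   6        /* 4-byte magic + 2-byte big-endian length   */

/* Sender-side hook: prefix the payload with its per-byte taint bitmap. */
long wrap_send(const uint8_t *data, const uint8_t *shadow, size_t len,
               uint8_t *out, size_t cap) {
    size_t map = (len + 7) / 8;
    if (len > 0xFFFF || cap < HDR + map + len) return -1;
    memcpy(out, MAGIC, 4);
    out[4] = (uint8_t)(len >> 8);
    out[5] = (uint8_t)len;
    memset(out + HDR, 0, map);
    for (size_t i = 0; i < len; i++)
        if (shadow[i]) out[HDR + i / 8] |= (uint8_t)(1u << (i % 8));
    memcpy(out + HDR + map, data, len);
    return (long)(HDR + map + len);
}

/* Receiver-side hook: validate the framing, return the payload and rebuild
 * the shadow state so that tracking continues on this host. */
long unwrap_recv(const uint8_t *pkt, size_t n, uint8_t *data,
                 uint8_t *shadow, size_t cap) {
    if (n < HDR || memcmp(pkt, MAGIC, 4) != 0) return -1;
    size_t len = ((size_t)pkt[4] << 8) | pkt[5];
    size_t map = (len + 7) / 8;
    if (n != HDR + map + len || len > cap) return -1; /* truncated or oversized */
    for (size_t i = 0; i < len; i++)
        shadow[i] = (uint8_t)((pkt[HDR + i / 8] >> (i % 8)) & 1);
    memcpy(data, pkt + HDR + map, len);
    return (long)len;
}

int main(void) {
    /* Constructed sample: only the "secret" bytes (offsets 5..10) are tainted. */
    const uint8_t msg[] = "user=secret;ok";
    uint8_t taint[14] = {0}, pkt[64], out[32], shadow[32];
    memset(taint + 5, 1, 6);
    long n = wrap_send(msg, taint, 14, pkt, sizeof pkt);
    long m = unwrap_recv(pkt, (size_t)n, out, shadow, sizeof out);
    printf("wire=%ld payload=%ld tainted:", n, m);
    for (long i = 0; i < m; i++) if (shadow[i]) printf(" %ld", i);
    printf("\n");
    return 0;
}
```

The receiver rejects any packet whose length does not match its header exactly, so a truncated bitmap cannot leave received bytes silently unmarked.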
REN Fei-fei, ZHUANG Hong-lin, WU Li-fa, PAN Fan. Research on Cross-host Dynamic Taint Tracking Technology[J]. Computer Engineering, 2013, 39(3): 162-166.