Author: 賴俊維
Title (Chinese): 針對大型程式微軟執行檔之失控分析並自動化攻擊產生
Title (English): Automatic Exploitable Crash Analysis for Large MS-Windows Binaries
Advisor: 黃世昆
Degree: Master
Institution: National Chiao Tung University (國立交通大學)
Department: Institute of Computer Science and Engineering (資訊科學與工程研究所)
Student ID: 9955603
Year of publication (ROC calendar): 101 (2012)
Graduation academic year: 101
Language: Chinese
Number of pages: 28
Keywords (Chinese): 軟體測試, 攻擊程式碼, 控制流程劫持
Keywords (English): Software Testing, Exploit, Control Flow Hijacking
Abstract:
With the advance of computer technology, software development has flourished, but during development programmers often sacrifice software quality in the pursuit of speed. Bugs and the use of unsafe functions have consequently left many security problems in existing software.
In this thesis, the targets we examine are large application programs for the Windows environment, and we build on the existing S2E platform to reach our goal. Because of limitations in the original S2E architecture, however, examining a large application takes a great deal of time. We therefore modified part of the S2E code and proposed the concept of fast concolic testing to speed up the whole process, so that path constraints can be collected within an acceptable time and then passed to exploit generation to produce exploit code. Since the original exploit generation was designed for the Linux platform, and Linux and Windows differ considerably in operating-system architecture, we had to develop a separate exploit generation mechanism for the Windows system architecture.
Combining the concolic testing technique described above with the exploit generation designed for the Windows environment, we can successfully generate exploit code for large application programs in the Windows environment; this approach has been validated by a number of experimental results.
Table of contents:
Abstract
Acknowledgements
Table of Contents
List of Figures
List of Tables
1. Introduction
1.1. Motivation
1.2. Problem Description
1.3. Objective
1.4. Overview
2. Background
2.1. Symbolic Testing
2.2. Concolic Testing
2.3. Common Vulnerabilities
2.3.1. Stack Buffer Overflow
2.3.2. Heap Buffer Overflow
2.3.3. S.E.H. Buffer Overflow
2.4. CPU Architecture and Operating System
3. Related Work
4. Method
4.1. S2E Overview
4.2. Fast Concolic
4.3. Exploit Generation
4.3.1. Register Corruption Detection
4.3.2. Generate Exploit Code
5. Implementation
5.1. Fast Concolic
5.2. Exploit Generation
5.2.1. Register Corruption Detection
5.2.2. Generate Exploit Code
6. Results
6.1. Testing Method and Environment
6.2. Real-world Programs
7. Conclusion
8. Future Work
References
(Full text available for internal viewing only)