Title: | Exploiting Atypical Symbolic Executions |
Authors: | 邱世欣 Chiu, Shih-Hsin; 黄世昆 Huang, Shih-Kun; Institute of Computer Science and Engineering |
Keywords: | symbolic execution; buffer overflow |
Publication date: | 2010 |
Abstract: | Software security has become an increasingly important research topic as software attacks grow more frequent. These problems stem partly from design flaws in programming languages and partly from programmers' carelessness and lack of secure programming practices, so we use software detection techniques to reduce them. The most serious vulnerability this thesis is concerned with, and one that is widely exploited today, is the buffer overflow, which is present in many C/C++ programs; the Blaster worm, which caused heavy losses in August 2003, exploited this kind of vulnerability. To prevent such vulnerabilities, we use the symbolic execution model of KLEE and introduce a new memory map mechanism to detect buffer overflows. Compared with traditional detection tools, the tool proposed in this thesis actually generates exploitable test input that triggers the vulnerable behaviour and thereby verifies the presence of the vulnerability. These inputs are in effect attack strings, and the input suites we generate are realistic attacks. Unlike the usual hacking methods, which rely on manual techniques to reason about the tainting paths, we propose methods to generate exploitable input automatically. |
URI: | http://140.113.39.130/cdrfb3/record/nctu/#GT079755589 http://hdl.handle.net/11536/45934 |
Appears in collections: | Thesis |
Files in this item:
If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.