防毒軟體系統之安全性評估

Abstract

電腦防毒軟體原本是重要資安的防護工具，但因為防毒系統必須涉及各種檔案格式，包 含加密格式、archive 格式、執行檔、動態連結檔DLL 等格式的解讀與識別，其檔案 處理的複雜程度遠高於一般作業系統，因此引含許多軟體缺陷，並容易遭受攻擊。本研 究將運用KLEE symbolic virtual machine ，配合QEUMU (emulator) 的使用，針對 目前普遍使用之防毒軟體系統，進行symbolic/concolic/fuzzing 測試，主動探測此 重要資安系統的安全強度，並試圖轉換缺陷為可供運用的攻擊弱點，呈現防毒軟體可能 導致的資安威脅。這些測試找出的缺陷將是極為重要的資安攻擊資產。

Anti-virus software is originally deployed for computer security purpose. However, the anti-virus system must interpreter all possible data file format, including encryption, archive, executable, dynamic link library, etc. The processing complication is far from the file processing capability of a general OS, and therefore, the error-prone characteristics of anti-virus will introduce more vulnerabilities inherently.In this research, we will emply KLEE symbolic virtual machine, and combine with QEMU (emulator), focusing on the ordinary anti-virus system, to perform symbolic/concolic/fuzzing testing. We actively explore if such an important security assets may be with weakness, trying to exploit these weaknesses and convert into exploits. This research will exhibit the threats, introduced by anti-virus system. These tests, with potential exploits will be a vital assets for information security.