天堂国产午夜亚洲专区-少妇人妻综合久久蜜臀-国产成人户外露出视频在线-国产91传媒一区二区三区

Research on Lightweight Taint-Directed Fuzzing

發(fā)布時(shí)間:2018-01-22 23:29

Keywords: dynamic taint propagation; black-box fuzzing; vulnerability analysis; constraint verification; Bernoulli trials. Source: University of Science and Technology of China, 2017 master's thesis. Thesis type: degree thesis.


【Abstract】: Fuzzing is an important method for binary vulnerability discovery. In recent years, academia has tried to combine fuzzing with taint propagation, protocol reverse engineering, genetic algorithms and other techniques to improve its targeting. Taint-directed fuzzing is one such composite technique that has been widely adopted and recognized. However, because vulnerability mechanisms are complex and fuzzing itself lacks a complete theoretical foundation, researchers have usually only verified the feasibility of the technique, that is, whether it can successfully discover vulnerabilities; fundamental theoretical questions such as the technique's applicability and its performance gain lack further study. In addition, the technique cannot impose semantic-level restrictions on its associated input, so whether it can be given stronger goal-directed ability while keeping its lightweight character is also worth studying. This thesis centers on taint-directed fuzzing: it develops the basic tools the research requires and focuses on the technique's fundamental theoretical questions and on how to improve it while preserving its lightweight character. The main research content and results are as follows: (1) A binary dynamic analysis engine and a parallel fuzzing platform were designed and implemented. In the dynamic analysis engine, several design choices ensure generality and high extensibility, chiefly offline replay based on Pin and BAP, a normalized trace format described with Piqi, and targeting the BIL intermediate language; in the parallel fuzzing platform, a RAM-disk technique is proposed to move the disk bottleneck, greatly increasing the platform's overall throughput. Optimization of the test machines' internal and external environments and script-based management with vmtools further improve platform stability and ease of management. These tools provide an efficient, highly controllable base platform for the subsequent research. (2) The applicability limits and performance gain of taint-directed fuzzing were studied by combining vulnerability case studies with mathematical analysis. For the applicability limits, a taint metadata propagation model was built from manual analysis of 14 CVE vulnerabilities together with fine-grained debugging results from the tools above, explaining the technique's main limitations. For the performance gain, fuzzing is abstracted as a Bernoulli trial scheme by assuming that a sample's bit length is unchanged before and after mutation; probability theory then yields a formula for the technique's efficiency gain over traditional fuzzing, and the formula's lower bound is used to summarize how the gain varies with the key parameters. Experiments show that the formula's computed values are close to measured values and so have good reference value. This work adds a systematic, mathematical supplement to the fundamental theory of the technique. (3) An improved method based on constraint verification is proposed and analyzed. It is inspired by dynamic symbolic execution but uses constraint verification instead of constraint solving to preserve the original technique's lightweight character: the improved method collects constraints, generates a constraint verifier from them, and inserts it into the original workflow as a constraint filter layer, improving efficiency by skipping the actual execution of "over-malformed" mutated samples. The effect and optimal configuration of this improvement differ across vulnerability types; this thesis gives the optimal configuration for integer-overflow vulnerabilities. The improved method also has high parallelization potential and obtains larger efficiency gains in multi-threaded and multi-process environments. Experiments show that, for integer-overflow vulnerabilities, the improved method is 2 to 4 times more efficient than the original technique.
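An added illustration of points (2) and (3) above, not code from the thesis: a constructed toy target with a 32-bit integer-overflow bug is mutated blindly versus only on the bytes a taint analysis would flag, and a constraint collected from the seed run (the magic check) acts as a filter layer that skips over-malformed mutants before execution. The per-trial probability and the 1/p expected-trials figure follow the abstract's Bernoulli abstraction under a one-byte-replacement mutation; the toy format, the tainted byte positions and the probabilities are assumptions, and the thesis's own efficiency formula is not reproduced.

```python
import random

MAGIC = b"FUZZ"                       # constructed toy format: 4-byte magic, u32 count, 8-byte payload
SEED_INPUT = MAGIC + (0).to_bytes(4, "little") + b"\x00" * 8
TAINTED = [4, 5, 6, 7]                # bytes a taint analysis would report flowing into the arithmetic
ALL_BYTES = list(range(len(SEED_INPUT)))

def target(data: bytes) -> str:
    """Toy parser with a 32-bit integer-overflow bug in its size computation (assumed)."""
    if data[:4] != MAGIC:
        return "reject_magic"         # early exit: the "over-malformed" case
    n = int.from_bytes(data[4:8], "little")
    size = (n * 4) & 0xFFFFFFFF       # wraps when n >= 2**30
    return "overflow" if size < n else "ok"

def constraint_verifier(data: bytes) -> bool:
    """Constraint collected from the seed run: the magic check must pass."""
    return data[:4] == MAGIC

def mutate(data: bytes, positions, rng) -> bytes:
    """Replace one byte at a randomly chosen position (bit length stays unchanged)."""
    buf = bytearray(data)
    buf[rng.choice(positions)] = rng.randrange(256)
    return bytes(buf)

def campaign(positions, use_filter: bool, trials: int, seed: int = 1) -> dict:
    """Run `trials` independent mutation trials; count real executions, filtered samples and hits."""
    rng = random.Random(seed)
    stats = {"executions": 0, "filtered": 0, "overflows": 0}
    for _ in range(trials):
        sample = mutate(SEED_INPUT, positions, rng)
        if use_filter and not constraint_verifier(sample):
            stats["filtered"] += 1    # skipped without running the target
            continue
        stats["executions"] += 1
        if target(sample) == "overflow":
            stats["overflows"] += 1
    return stats

def bernoulli_p(positions) -> float:
    """Exact per-trial success probability for this toy: byte 7 must be picked and set >= 0x40."""
    return (1 / len(positions)) * (256 - 0x40) / 256

def expected_trials(p: float) -> float:
    """Expected number of trials until the first success in a Bernoulli process."""
    return 1 / p

if __name__ == "__main__":
    for name, pos, flt in [("blind", ALL_BYTES, False), ("blind+filter", ALL_BYTES, True),
                           ("taint-directed", TAINTED, False)]:
        print(name, campaign(pos, flt, 4000), "expected trials/hit:", round(expected_trials(bernoulli_p(pos)), 1))
```

In this toy the taint-directed p is four times the blind p (byte 7 is one of 4 candidates instead of 16), and the filter removes the roughly one quarter of blind mutants that break the magic without costing any overflow hits.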
【學(xué)位授予單位】:中國(guó)科學(xué)技術(shù)大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2017
【分類(lèi)號(hào)】:TP311.53

【參考文獻(xiàn)】

相關(guān)期刊論文 前1條

1 李偉明;張愛(ài)芳;劉建財(cái);李之棠;;網(wǎng)絡(luò)協(xié)議的自動(dòng)化模糊測(cè)試漏洞挖掘方法[J];計(jì)算機(jī)學(xué)報(bào);2011年02期

,


Article link: http://www.sikaile.net/shoufeilunwen/xixikjs/1456028.html

