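Vulnerable spot localization methods in software vulnerability analysis
Cite this article: CAI Jun, ZOU Peng, YANG Shangfei, HE Jun. Vulnerable spot localization methods in software vulnerability analysis[J]. Journal of National University of Defense Technology, 2015, 37(5): 141-148.
Authors: CAI Jun  ZOU Peng  YANG Shangfei  HE Jun
Affiliations: Complex Electronic System Simulation Laboratory, Academy of Equipment; Complex Electronic System Simulation Laboratory, Academy of Equipment; Naval Academy of Armament; Complex Electronic System Simulation Laboratory, Academy of Equipment
Funding: National High Technology Research and Development Program of China (863 Program); National Key Technologies R&D Program
Abstract: The causes of vulnerabilities in binary programs are complex and hard to analyze. To address this, a software vulnerable spot localization method based on taint analysis is proposed, and a prototype tool, Sword Checker, is implemented. Building on dynamic taint tracking, the method localizes vulnerable spots in software by feature matching against vulnerability patterns, and uses binary search to locate the sensitive bytes that affect a vulnerable spot. Experiments show that Sword Checker can accurately and quickly identify and localize three types of vulnerable spots in software; it has successfully analyzed the causes of several publicly disclosed vulnerabilities and has assisted in discovering several undisclosed vulnerabilities.

Keywords: taint analysis  vulnerable spot localization  binary search
Received: 2014/12/31 0:00:00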

Vulnerable spots localization methods for software vulnerability analysis
CAI Jun, ZOU Peng, YANG Shangfei and HE Jun. Vulnerable spots localization methods for software vulnerability analysis[J]. Journal of National University of Defense Technology, 2015, 37(5): 141-148.
Authors: CAI Jun, ZOU Peng, YANG Shangfei and HE Jun
Institution: 1. Science and Technology on Complex Electronic System Simulation Laboratory, Academy of Equipment, Beijing 101416, China; 1. Science and Technology on Complex Electronic System Simulation Laboratory, Academy of Equipment, Beijing 101416, China; 2. Naval Academy of Armament, Beijing 100161, China; 1. Science and Technology on Complex Electronic System Simulation Laboratory, Academy of Equipment, Beijing 101416, China
Abstract: Software vulnerability is currently a hot topic in the field of information security. Many achievements have been made in vulnerability mining research at home and abroad, and many automatic vulnerability mining tools such as fuzzers have appeared, but the causes of vulnerabilities are still analyzed manually because automatic analysis tools are lacking. To address the difficulty of analyzing binary program vulnerabilities, we propose an approach to software vulnerable spot localization based on taint analysis, and implement a corresponding tool named SwordChecker. The method builds on dynamic taint tracing. It localizes software vulnerable spots by feature matching against vulnerability patterns, and uses binary search to localize the sensitive bytes of user input that affect the vulnerable spots. Experimental results show that SwordChecker can accurately and quickly identify and localize three types of software vulnerable spots, has successfully analyzed the causes of multiple publicly disclosed vulnerabilities, and has assisted in mining several undisclosed vulnerabilities.
Keywords: taint analysis; vulnerable points localization; binary search
This article has been indexed by CNKI, Wanfang Data and other databases.
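
A minimal sketch of the binary-search step the abstract describes, added here as an illustration and not SwordChecker's own code. It assumes the analyst can re-run the target and read the operand that reaches the vulnerable spot; the input format and the names `observe_copy_size`, `mutate` and `sensitive_bytes` are hypothetical.

```python
# Added example: constructed toy target and input, not SwordChecker code.
import struct

def observe_copy_size(data: bytes) -> int:
    """Hypothetical instrumented target: returns the size operand that
    reaches the vulnerable spot (a copy with an input-derived length)."""
    # Constructed format: 4-byte magic, 2-byte big-endian length, payload.
    (length,) = struct.unpack_from(">H", data, 4)
    return length

def mutate(data: bytes, lo: int, hi: int) -> bytes:
    """Invert every byte in [lo, hi) so each byte in the range changes."""
    return data[:lo] + bytes(b ^ 0xFF for b in data[lo:hi]) + data[hi:]

def sensitive_bytes(data, observe, lo=0, hi=None):
    """Bisect the input: keep a range only if mutating it changes the value
    observed at the vulnerable spot, then recurse down to single bytes.
    Caveat: a mutation that happens to leave the observation unchanged
    would prune a range that is in fact sensitive."""
    hi = len(data) if hi is None else hi
    if lo >= hi or observe(mutate(data, lo, hi)) == observe(data):
        return []          # nothing in this range influences the spot
    if hi - lo == 1:
        return [lo]
    mid = (lo + hi) // 2
    return (sensitive_bytes(data, observe, lo, mid)
            + sensitive_bytes(data, observe, mid, hi))

# Constructed 32-byte sample input: magic, length field 0x0120, padding.
SAMPLE = b"SWRD" + struct.pack(">H", 0x0120) + b"A" * 26

if __name__ == "__main__":
    # Prints the offsets of the bytes that control the copy size.
    print(sensitive_bytes(SAMPLE, observe_copy_size))
```

Ranges that do not influence the observed operand are discarded in one re-run each, so the number of target executions grows with the number of sensitive bytes and the logarithm of the input length rather than with the input length itself.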