| 基于程序状态变迁的ASLR机制脆弱性分析方法 |
| |
| 引用本文: | 黄宁,黄曙光,潘祖烈,常超.基于程序状态变迁的ASLR机制脆弱性分析方法[J].国防科技大学学报,2020,42(2). |
| |
| 作者姓名: | 黄宁 黄曙光 潘祖烈 常超 |
| |
| 作者单位: | 国防科学技术大学 电子对抗学院,国防科学技术大学 电子对抗学院,国防科学技术大学 电子对抗学院,国防科学技术大学 电子对抗学院 |
| |
| 基金项目: | 国家重点基础研究发展计划(973计划) |
| |
| 摘 要: | 地址随机化ASLR是一种针对控制流劫持漏洞的防御机制。已有的漏洞自动分析与利用技术缺少对地址随机化机制影响的分析,导致生成的测试用例在实际环境中的运行效果受到极大限制。针对地址随机化的缺陷及其绕过技术的特点,本文提出了一种地址随机化脆弱性分析方法。该方法使用有限状态机描述程序运行路径中各关键节点的状态;针对常见的内存泄漏与控制流劫持场景建立约束条件;通过求解内存泄露状态约束与控制流劫持状态约束的兼容性,分析地址随机化机制在特定场景下的脆弱性。实验结果显示,该方法可有效检测通过内存泄漏导致的地址随机化绕过及控制流劫持攻击,实现自动化的地址随机化脆弱性分析,提高针对软件安全性分析的效率。
|
| 关 键 词: | 地址随机化 控制流劫持 内存泄漏 有限状态机 |
| 收稿时间: | 2018/10/19 0:00:00 |
| 修稿时间: | 2019/4/28 0:00:00 |
Analysis to vulnerability of ASLR based on program states conversion |
| |
| Abstract: | Address space layout randomization (ASLR) is a defense mechanism to prevent the control-flow hijack. The lack of analysis of the impact of ASLR in existed automatic vulnerability analysis and exploit technologies makes the test cases difficult to be used in actual environment. Aiming at the defects of address randomization and features of its bypass technologies, this paper proposes an analysis method to the vulnerability of ASLR based on program states transition. This method uses the finite states machine (FSM) to describe the transition of each key state on the program path; builds constraints for some common scenes of memory leakage and control-flow hijack; analyzes the vulnerability of ASLR by solving the compatibility of memory leakage state constraints and control-flow hijack state constraints. The experimental results show that this method can effectively detect ASLR bypass and control-flow hijack attacks caused by memory leakage, realize the automatic vulnerability analysis of ASLR and improve the efficiency of software security analysis. |
| |
| Keywords: | address space layout randomization control-flow hijack memory leakage finite states machine |
|
| 点击此处可从《国防科技大学学报》浏览原始摘要信息 |
| 点击此处可从《国防科技大学学报》下载免费的PDF全文 |
|
