| 基于符号表达式的未知协议格式分析及漏洞挖掘 |
| |
| 作者姓名: | 罗成 张玉清 王龙 刘奇旭 |
| |
| 作者单位: | 中国科学院研究生院国家计算机网络入侵防范中心, 北京 100049 |
| |
| 基金项目: | 国家自然科学基金(61272481)和中国博士后科学基金(2011M500416,2012T50152)资助 |
| |
| 摘 要: | 针对网络通讯软件的Fuzzing技术受限于协议格式,尤其是未知协议难以保证测试效果,提出了基于符号表达式的协议分析方法.将数据包关键处理代码翻译为符号表达式,利用符号表达式的丰富含义加快未知协议格式分析,并依此开发了协议格式分析及漏洞挖掘框架PAVD.通过对亿邮客户端的漏洞测试,验证了PAVD能有效提升协议分析效率,为网络通讯软件Fuzzing测试提供良好的支持.
|
| 关 键 词: | 未知协议 Fuzzing 符号表达式 漏洞挖掘 |
| 收稿时间: | 2011-12-01 |
| 修稿时间: | 2012-04-13 |
Automatic network protocol analysis and vulnerability discovery based on symbolic expression |
| |
| Authors: | LUO Cheng ZHANG Yu-Qing WANG Long LIU Qi-Xu |
| |
| Institution: | National Computer Network Intrusion Protection Center, Graduate University, Chinese Academy of Sciences, Beijing 100049, China |
| |
| Abstract: | Fuzzing is an efficient method for ensuring software security. However, when one tests network-based software using this method, one may obtain unsatisfied results because of lacking the protocol format. To solve this problem, we propose a new protocol analysis technique based on symbolic expression. We use this technique to translate the crucial code into symbolic expressions and accelerate protocol analysis. In addition, we develop a translation framework which contains the function of automatic protocol format analysis and could export the protocol format to Peach platform. Finally, we apply our framework to analyze one target (eyou client) and obtain good results. |
| |
| Keywords: | unknown protocol Fuzzing symbolic expression vulnerability discovery |
|
| 点击此处可从《》浏览原始摘要信息 |
| 点击此处可从《》下载免费的PDF全文 |
|
