Abstract
Building on a fine-grained binary dynamic analysis platform, we propose a method for constructing a software behavior model through taint analysis of system call arguments. First, the method monitors the running application at the instruction level and tracks the taint propagation of system call arguments to obtain the associations between arguments, between an argument and a local variable, and between an argument and external data, from which the taint propagation chains of the arguments are extracted. Second, based on these argument taint propagation chains and the system call sequence, a dynamic software behavior model that reflects both control-flow and data-flow characteristics is constructed. Finally, analysis and verification show that the model is able to detect stealthy non-control-data attacks.
Source
Journal of University of Chinese Academy of Sciences (《中国科学院大学学报(中英文)》)
CSCD
Peking University Core (北大核心)
2017, No. 5, pp. 647-656 (10 pages)
Funding
Supported by the 院部合作基金 (Academy-Ministry Cooperation Fund), grants AQ1703 and AQ1708
Keywords
system call arguments
non-control data
virtual machine
dynamic taint analysis
intrusion detection