Abstract
For memory vulnerabilities that are hard to find in executable programs, this paper proposes a program vulnerability detection method based on memory access traces. A finite state machine model treats a memory access trace as a sequence of transitions between states, and the illegal transitions define several classes of memory vulnerability together with their constraints: memory leak, uninitialized read, double free, use-after-free, dead write, and frequent repeated read. The binary instrumentation tool Intel Pin is used to obtain the memory access trace of the executable program; the trace is combined with the user-defined memory vulnerability constraints and solved jointly by a constraint solver to determine the category and location of each memory vulnerability in the program. The results show that the method can detect memory vulnerabilities and inefficient code that are common in executable programs, and can also detect the highly damaging memory vulnerabilities and their variants disclosed in recent years.
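The state machine the abstract describes, as an added worked example (not the paper's code or its Pin tool): each tracked heap byte moves between the states uninitialized, initialized and freed, and the six vulnerability classes are reported as the illegal transitions the trace triggers. The text trace format `op addr [size]`, every address, the sample trace itself and the reread threshold are assumptions made for the example; the paper's constraint-solver step is not reproduced, the constraints are checked directly while walking the trace.

```python
# Added example (not the paper's code): a per-byte finite state machine over a
# heap access trace, flagging the six illegal-transition classes the abstract
# lists. The "op addr [size]" line format and all addresses are assumptions;
# a real Pin-generated trace would need its own parser.
from collections import defaultdict

UNINIT, INIT, FREED = "uninit", "init", "freed"   # per-byte states
LIVE, DEAD = "live", "dead"                       # per-block states

# Constructed trace exercising every class once (not real program output).
SAMPLE_TRACE = """\
malloc 0x1000 4
read   0x1000 4
write  0x1000 4
write  0x1000 4
read   0x1000 4
read   0x1000 4
read   0x1000 4
free   0x1000
read   0x1000 4
free   0x1000
malloc 0x2000 8
write  0x2000 8
read   0x2000 8
"""


def parse_trace(text):
    """Parse 'op addr [size]' lines into (op, addr, size); size is None for free."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        op, addr = parts[0], int(parts[1], 0)
        size = int(parts[2], 0) if len(parts) > 2 else None
        events.append((op, addr, size))
    return events


def analyze(trace, reread_threshold=3):
    """Run the per-byte state machine over (op, addr, size) events.

    Returns (kind, event_index, addr) findings. event_index is the event that
    made the transition illegal; for dead writes it is the store that was never
    read, for leaks it is the allocation that was never freed."""
    byte_state = {}                     # addr -> UNINIT | INIT | FREED
    blocks = {}                         # base addr -> [size, LIVE | DEAD, alloc idx]
    last_store = {}                     # addr -> index of the latest unread write
    reads_since_store = defaultdict(int)
    findings, seen = [], set()

    def report(kind, idx, addr):        # one finding per (kind, event, block)
        if (kind, idx, addr) not in seen:
            seen.add((kind, idx, addr))
            findings.append((kind, idx, addr))

    for i, (op, addr, size) in enumerate(trace):
        if op == "malloc":
            blocks[addr] = [size, LIVE, i]
            for a in range(addr, addr + size):
                byte_state[a] = UNINIT
                last_store.pop(a, None)
                reads_since_store[a] = 0
        elif op == "free":
            blk = blocks.get(addr)
            if blk is None:
                continue                # free of untracked memory: outside the six classes
            if blk[1] == DEAD:
                report("double_free", i, addr)
                continue
            blk[1] = DEAD
            for a in range(addr, addr + blk[0]):
                if a in last_store:     # stored value freed without ever being read
                    report("dead_write", last_store.pop(a), addr)
                byte_state[a] = FREED
        else:                           # read / write of `size` bytes
            for a in range(addr, addr + size):
                st = byte_state.get(a)
                if st is None:
                    continue            # stack/global access: not tracked here
                if st == FREED:
                    report("use_after_free", i, addr)
                elif op == "read":
                    if st == UNINIT:
                        report("uninitialized_read", i, addr)
                    else:
                        last_store.pop(a, None)
                        reads_since_store[a] += 1
                        if reads_since_store[a] == reread_threshold:
                            report("frequent_reread", i, addr)
                elif op == "write":
                    if a in last_store: # previous store overwritten without a read
                        report("dead_write", last_store[a], addr)
                    byte_state[a] = INIT
                    last_store[a] = i
                    reads_since_store[a] = 0

    for base, (_, st, alloc_idx) in blocks.items():
        if st == LIVE:                  # never freed before the trace ended
            report("memory_leak", alloc_idx, base)
    return findings


if __name__ == "__main__":
    for kind, idx, addr in analyze(parse_trace(SAMPLE_TRACE)):
        print(f"{kind:<18} event {idx:>2}  block {addr:#x}")
```

Dead write and frequent reread are the two "inefficient code" classes: the former is a store that is overwritten or freed before anyone reads it, the latter a value re-read from memory more than `reread_threshold` times without an intervening store. The other four are the classic safety violations, each detected as a read, write or free that arrives while the byte is in a state that forbids it.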
Authors
PENG Shuanghe; HAN Jing (School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China)
Source
JOURNAL OF BEIJING JIAOTONG UNIVERSITY (《北京交通大学学报》)
Indexed in: CAS, CSCD, Peking University Core Journals (北大核心)
2020, No. 5, pp. 55-62 (8 pages)
Funding
National Natural Science Foundation of China (U1836105).
Keywords
cyberspace security
memory vulnerabilities
memory trace
constraint solving