基于逆向计算的细粒度污点分析方法

doi:10.3969/j.issn.1000-1565.2019.04.016

河北大学学报(自然科学版) ›› 2019, Vol. 39 ›› Issue (4): 437-443.DOI: 10.3969/j.issn.1000-1565.2019.04.016

基于逆向计算的细粒度污点分析方法

屈雪晴,张圣昌

收稿日期:2018-09-13 出版日期:2019-07-25 发布日期:2019-07-25
作者简介:屈雪晴(1994—),女,河北廊坊人,河北大学在读硕士研究生,主要从事分布计算和网络技术研究. E-mail:724165288@qq.com
基金资助:
河北大学研究生创新项目(hbu2018ss58)

Finer-grained taint analysis method based on reverse computing

QU Xueqing, ZHANG Shengchang

School of Cyber Security and Computer, Hebei University, Baoding 071002, China

Received:2018-09-13 Online:2019-07-25 Published:2019-07-25

摘要/Abstract

摘要： 精度是污点分析的核心考虑因素.目前的污点分析方法,包括比特级污点分析的研究中,细粒度逻辑语义会导致精度缺失问题,而精度缺失直接致使“过度污点”现象.本文讨论了现有污点分析算法的局限性,阐述了污点传播过程中产生“过度污点”现象的原因,并提出一种基于逆向计算的细粒度污点分析方法,通过规定逆向计算规则,考虑语句的语义逻辑,推算污点传播策略.对未混淆代码和混淆代码分别进行污点分析的实验结果表明,相比于传统的污点分析算法,基于逆向计算的污点分析算法对混淆代码能够减少50%的代码冗余,有效地避免了污点的过度传播.

关键词: 动态污点分析, 反混淆代码, 逆向计算, 过度污点

Abstract: The precision is a core consideration in dynamic taint analysis.Current dynamic taint analysis algorithms, including previous studies on bit-level dynamic taint analysis, have more or less defects that can lead to serious lack of precision, and the lack of precision directly leads to over-tainting problem.This paper discusses the limitations of the traditional dynamic taint analysis algorithm, and explains the causes of over-tainting during the taint propagation, and proposes a reverse-computing finer-grained dynamic taint analysis algorithm to generate the strategy of taint propagation.Experiments using the deobfuscation tool show that the dynamic taint analysis algorithm proposed in this paper can reduce code redundancy by 50% and significantly avoid the problem of over-tainting.

Key words: dynamic taint analysis, deobfuscation code, reverse computing, over-tainting

中图分类号:

TP309

屈雪晴,张圣昌. 基于逆向计算的细粒度污点分析方法[J]. 河北大学学报(自然科学版), 2019, 39(4): 437-443.

QU Xueqing, ZHANG Shengchang. Finer-grained taint analysis method based on reverse computing[J]. Journal of Hebei University (Natural Science Edition), 2019, 39(4): 437-443.

参考文献

[1] NEWSOME J, SONG D. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software[C] //In Proceedings of the 12th Network and Distributed System Security Symposium. 2005, 5: 3-4.
[2] KEMERLIS V P, PORTOKALIDIS G, JEE K, et al. Libdft:practical dynamic data flow tracking for commodity systems[Z].The 8th ACM SIGPLAN/SIGOPS Conference on Virtual Execution Environments, London, England, 2012. DOI: 10.1145/2151024.2151042.
[3] DYCHKA I, TEREIKOVSKYI I, TEREIKOVSKA L, et al. Deobfuscation of computer virus malware code with value state dependence graph[C] //International Conference on Computer Science, Engineering and Education Applications, Springer, Cham, 2018:370-379.DOI:10.1007/978-3-319-91008-6_37.
[4] SHENEAMER A, ROY S, KALITA J. A detection framework for semantic code clones and obfuscated code[J]. Expert Systems With Applications, 2018, 97: 405-420.DOI:10.1016/j.eswa.2017.12.040.
[5] NETHERCOTE N, SEWARD J. Valgrind:A framework for heavyweight dynamic binary instrumentation[J]. AcmSigplan Notices, 2007, 42(6):89-100. DOI:10.1145/1273442.1250746.
[6] CAI J, ZOU P, XIONG D, et al. A guided fuzzing approach for security testing of network protocol software[Z]. 6th IEEE International Conference on Software Engineering and Service Science(ICSESS), Beijing, 2015. DOI: 10.1109/ICSESS.2015.7339160.
[7] CLAUSE J, LI W, ORSO A. Dytan: a generic dynamic taint analysis framework[Z].The 2007 International Symposium on Software Testing and Analysis,ACM,New York, 2007. DOI: 10.1145/1273463.1273490.
[8] ENCK W, GILBERT P, CHUN B G, et al. TaintDroid: an information-flow tracking system for real-time privacy monitoring on smartphones[J]. Transactions on Computer Systems, ACM,New York, 2014,32(2):1-29.DOI: 10.1145 / 2494522.
[9] DAI P, PAN Z, LI Y. A review of researching on dynamic taint analysis technique[Z].2018 3rd Joint International Information Technology, Mechanical and Electronic Engineering Conference, Paris, France,2018.. DOI:10.2991/jimec-18.2018.25.
[10] BANESCU S, COLLBERG C, GANESH V, et al. Code obfuscation against symbolic execution attacks[Z]. The 32nd Annual Conference on Computer Security Applications,ACM, New York, USA,2016. DOI:10.1145/2991079.2991114.
[11] 王蕾, 李丰, 李炼, 等. 污点分析技术的原理和实践应用[J]. 软件学报, 2017, 28(4):860-882.DOI: 10.13328/j.cnki.jos.005190.
[12] YADEGARI B, JOHANNESMEYER B, WHITELY B, et al. A generic approach to automatic deobfuscation of executable code[Z].IEEE Symposium on Security and Privacy, 2015. New York, USA. DOI:10.1109/SP.2015.47.
[13] YADEGARI B, DEBRAY S. Bit-level taint analysis[Z].IEEE International Working Conference on Source Code Analysis and Manipulation, Victoria, BC, Canada, 2014.DOI:10.1109/scam.2014.43.
[14] XU Z, SHI C, CHENG C C, et al. A dynamic taint analysis tool for android app forensics[Z].2018 IEEE Security and Privacy Workshops(SPW), San Francisco, 2018.DOI:10.1109/SPW.2018.00031.

基于逆向计算的细粒度污点分析方法

Finer-grained taint analysis method based on reverse computing

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 12

编辑推荐

Metrics

本文评价

[1]	齐晓娜, 王佳,徐东升, 张宇敬, 郭佳,刘阳. 基于改进的k-means差分隐私保护方法在位置隐私保护中的应用[J]. 河北大学学报(自然科学版), 2018, 38(3): 315-320.
[2]	杜瑞忠,赵芳华. 云环境下密文策略的权重属性多中心加密方案[J]. 河北大学学报(自然科学版), 2017, 37(5): 531-536.
[3]	李海颖,张江霄,隋春荣. 基于可传递性的公平的外包计算协议[J]. 河北大学学报(自然科学版), 2017, 37(5): 555-560.
[4]	刘振鹏,蔄志贤,胡倩茹,刘晓丹. 改进的基于身份的数据完整性验证方案[J]. 河北大学学报(自然科学版), 2017, 37(1): 86-91.
[5]	王玉玺, 周文军, 杨剑. 针对客户端的恶意代码分析与研究[J]. 河北大学学报(自然科学版), 2015, 35(2): 193-198.
[6]	齐耀龙,刘慧君,邓娜. 自律式容侵安全数据库模型[J]. 河北大学学报(自然科学版), 2014, 34(3): 312-316.
[7]	李维仙. 开放式数字作品传播系统ODWTS的建立与分析[J]. 河北大学学报(自然科学版), 2011, 31(3): 319-324.
[8]	荣成林. Logistic映射在提高DES安全性中的应用[J]. 河北大学学报(自然科学版), 2011, 31(2): 218-224.
[9]	高立敏,李俊,于会萍,肖艳芹. 基于TPM的资源共享模型及访问机制[J]. 河北大学学报(自然科学版), 2010, 30(4): 445-448.
[10]	李维仙,白笑宇. 文本数字水印的概率算法及其可靠性[J]. 河北大学学报(自然科学版), 2010, 30(3): 327-332.
[11]	王凤先,曾斌,张海帆,常卓. 计算机免疫系统中沙盒主机的负载平衡[J]. 河北大学学报(自然科学版), 2005, 25(4): 434-438.
[12]	刘振鹏,张庆文,李泽园,刘嘉航,董姝慧,赵永刚. 软件定义网络中基于贝叶斯ARTMAP的DDoS攻击检测模型[J]. 河北大学学报(自然科学版), 2021, 41(6): 728-733.