Abstract
Based on the characteristics of integer overflow vulnerabilities, this paper analyzes 220 real-world integer overflow vulnerabilities and proposes three detection strategies to mitigate the high false-positive rate of static analysis. Combining the advantage of static analysis, which can directly obtain integer overflow type information, with that of dynamic analysis, which identifies integer overflow vulnerabilities accurately, it proposes an integer overflow vulnerability analysis method that combines static and dynamic analysis. First, static program analysis is used to analyze integer overflows and obtain the overflow type and related information; the dynamic analysis then uses this information to instrument the code with automatic instrumentation, and runs concolic (concrete symbolic) execution over reconstructed expressions designed from the vulnerability characteristics to improve the accuracy of the analysis. The combined static and dynamic method reduces false positives effectively: on Lighttpd-1.4.29 it removes 374 false positives, 67.3% of the total; on Linux kernel 3.4 it removes 159 761 false positives, 98.2% of the total; and it finally succeeds in analyzing the integer overflow vulnerabilities CVE-2011-4362 and CVE-2013-1763.
Different software vulnerabilities have different characteristics. 220 integer overflow vulnerabilities are analyzed to develop three kinds of detection strategies to reduce the false positives from static analyses. Static analyses identify the type of integer overflow, while dynamic analyses accurately identify the integer overflow vulnerability. This method combines the advantages of the two analyses to detect vulnerabilities. The static analysis is used to detect the integer overflow and obtain the integer overflow type and related information. This information is then used by the dynamic analysis to insert hooks into the code using an automatic instrumentation technique. The algorithm then calls the integer overflow marker interface and performs symbolic execution with the reconstruction expressions. This method is used to analyze the Lighttpd-1.4.29 and Linux kernel 3.4 systems and can greatly reduce the number of false positives. The number of false positives for Lighttpd-1.4.29 is reduced by 374, accounting for 67.3% of the total. The number of false positives for Linux kernel 3.4 is reduced by 159 761, accounting for 98.2% of the total. This system also successfully finds the CVE-2011-4362 and CVE-2013-1763 integer overflow vulnerabilities.
Source
《清华大学学报(自然科学版)》
Indexed in: EI, CAS, CSCD, Peking University Core Journals
2014, No. 9, pp. 1173-1178 (6 pages)
Journal of Tsinghua University(Science and Technology)
Funding
National Science Fund for Distinguished Young Scholars (61125102)
Keywords
vulnerability analysis
integer overflow
static analysis
dynamic analysis
symbolic execution