%0 Journal Article %T 软件漏洞分析中的脆弱点定位方法 %A 蔡军 %A 邹鹏 %A 杨尚飞 %A 何骏< %A /br> %A CAI Jun %A ZOU Peng %A YANG Shangfei %A HE Jun %J 国防科技大学学报 %D 2015 %R 10.11887/j.cn.201505022 %X 针对二进制程序漏洞成因复杂难以分析的问题,提出运用污点分析的软件脆弱点定位方法,并实现了一个工具原型SwordChecker。以动态污点追踪为基础,依据漏洞模式通过特征匹配来定位软件中的脆弱点,运用二分查找定位影响脆弱点的敏感字节。实验表明,使用SwordChecker能够精确快速识别定位软件中三种类型的脆弱点, 已成功分析了多个已公开漏洞的成因,并已辅助挖掘出几个未公开漏洞。</br>Aiming at the difficulty in analysis of binary program vulnerabilities, an approach for software vulnerable spots localization based on taint analysis was proposed, and a corresponding tool named SwordChecker was implemented. This method is based on dynamic taint tracing. Software vulnerable spots were localized by character matching according to vulnerability patterns, and sensitive bytes which affected the vulnerable spots were localized by binary-search. Experiment results show that SwordChecker can accurately identify and localize three types of software vulnerable spots fast, has successfully analyzed the causes of multiple open vulnerabilities, and has assisted mining several undisclosed vulnerabilities. %K 污点分析 脆弱点定位 二分查找< %K /br> %K taint analysis vulnerable spots localization binary-search %U http://journal.nudt.edu.cn/gfkjdxxb/ch/reader/view_abstract.aspx?file_no=201505022&flag=1