%0 Journal Article
%T Approach of generating vulnerability signature based on taint analysis and symbolic execution
%A 辛伟
%A 时志伟
%A 郝永乐
%A 董国伟
%J 清华大学学报(自然科学版)
%D 2016
%R 10.16511/j.cnki.qhdxxb.2016.23.006
%X A vulnerability signature matches the set of inputs that trigger a software vulnerability. Applying a vulnerability signature to input filtering is one of the most popular and effective defense mechanisms for protecting vulnerable programs against exploits. This paper studies vulnerability signature generation and presents a method based on taint analysis and symbolic execution. The method uses taint propagation to locate the bytes in the input that are related to triggering the vulnerability, then obtains path constraints via dynamic symbolic execution, and derives the final vulnerability signature through constraint solving. A proof-of-concept system, TASEVS, was implemented on top of the open-source instrumentation tool Pin and the constraint solver Z3 and validated on vulnerable programs. Experimental results show that TASEVS can effectively generate vulnerability signatures.
%K binary-executable-oriented software
%K vulnerability signature
%K taint analysis
%K symbolic execution
%K constraint solving
%U http://jst.tsinghuajournals.com/CN/Y2016/V56/I1/28