2015

Reverse engineering of protocol format via identifying program data structures

Keywords: software security, protocol reverse engineering, fine-grained taint


Abstract:

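To address the low accuracy of existing protocol format reverse-engineering methods in real-world environments with complex semantics, this paper exploits the regularity that protocol structure and the data structures in code map onto each other, and proposes a protocol format reverse-engineering method based on identifying data structures. Using fine-grained taint tracking, the method records and analyzes the memory accesses made during dynamic execution while the protocol is processed, and captures the data structures that correspond to different fields of the input by tracking base addresses in memory. Finally, based on the independence of data structures, it reverse-engineers format information such as the fields in the protocol. Experimental results show that, compared with traditional methods that assume a protocol field is accessed as a whole during parsing, the proposed method can effectively identify the data structures in the protocol and thereby infer the protocol format more accurately.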

