National Digital Library of Theses and Dissertations in Taiwan

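Graduate student: Lin, Cheng-Te (林政德)
Thesis title: 自動化脅迫生成設計與實作
Thesis title (English): Design and Implement of Automatic Exploit Generation Process
Advisor: Huang, Shin-Kun (黃世昆)
Oral defense committee: Koong, Chorng-Shiuh (孔崇旭); Huang, Chun-Ying (黃俊穎)
Oral defense date: 2017-05-26
Degree: Master's
Institution: National Chiao Tung University
Department: Institute of Computer Science and Engineering
Discipline: Engineering
Field: Electrical and Computer Engineering
Thesis type: Academic thesis
Year of publication: 2017
Graduation academic year: 105
Language: Chinese
Number of pages: 22
Keywords (Chinese): 自動化脅迫產生; 符號執行
Keywords (English): Automatic Exploit Generation; Symbolic Execution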
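Abstract (translated from the Chinese):
With the development of information technology and the widespread use of the Internet, large numbers of applications and services connect and communicate over the network. These applications and services may contain software vulnerabilities, which malicious parties can exploit over the network, creating threats. Research in information security can be divided into two directions, defense and attack. Defensive research mainly uses software testing and vulnerability patching to avoid or reduce harm, while offensive research focuses on how to exploit software vulnerabilities effectively. Automatic exploit generation belongs to offensive research.
We previously developed an automatic exploit generation platform called CRAX. CRAX uses whole-system symbolic execution, so it can exploit vulnerabilities in the low-level kernel and in large software. However, because it emulates the whole system, it must record the complete kernel state, which makes the operating procedure cumbersome and lowers usability. To improve the usability of CRAX, we implemented a Python API that automates the CRAX workflow. With this automatic exploit generation API, users can automatically generate large amounts of exploit test data.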
Abstract (English):
With the development of information technology and the popularity of the Internet, client applications and services communicate with each other over the network. However, these applications may contain software vulnerabilities, and those vulnerabilities can be exploited, resulting in security threats. In the security research field, there are two directions, defense and attack. Defense research mainly focuses on avoiding and reducing security risks through software testing and vulnerability repair. Attack research focuses on how to effectively exploit software vulnerabilities. Automatic exploit generation is one of the main areas of attack research.
We previously developed an automatic exploit generation platform called CRAX. CRAX inherits some good features from its underlying platform, but it also inherits some bad features, especially the cumbersome operation process. In order to improve the usability of CRAX, this study implements a set of Python APIs to automate the operation process of CRAX. With this automatic exploit generation API, users can easily exploit a large number of programs at once.
Abstract (Chinese)
Abstract
Acknowledgements
Table of Contents
List of Tables
List of Figures
1 Introduction
  1.1 Situation Description
  1.2 Research Motivation
  1.3 Research Objectives
  1.4 Thesis Outline
2 Research Background
  2.1 Software Quality Testing
    2.1.1 Symbolic Execution
    2.1.2 Adaptive-Input Symbolic Execution
    2.1.3 Concolic Execution
    2.1.4 Single-Path Concolic Execution
    2.1.5 S2E
  2.2 Program Security Vulnerabilities
    2.2.1 Buffer Overflow
    2.2.2 Integer-Type Vulnerabilities
    2.2.3 Uncontrolled Format String
    2.2.4 Script Injection
  2.3 Related Work
    2.3.1 CGC CRS
    2.3.2 CodeJitsu Galactic
    2.3.3 ForAllSecure Mayhem
    2.3.4 Shellphish Mechanical Phish
3 Research Method and Implementation
  3.1 Original System Workflow
  3.2 Automatic Exploit Generation API
    3.2.1 API Architecture
    3.2.2 API Usage Example
4 Experimental Results and Analysis
  4.1 Experimental Environment
  4.2 Test Programs
  4.3 Experimental Results and Analysis
5 Conclusion and Future Work
References