基于细粒度二进制动态分析平台,提出通过系统调用参数的污点分析构建软件行为模型的方法.该方法主要在指令级别监控应用程序运行,跟踪系统调用参数的污点传播获取参数与参数、局部变量和外部数据之间的关联关系,进而抽取出参数的污点传播链.其次,基于参数污点传播链和系统调用序列构造能够同时反映控制流和数据流特性的软件动态行为模型.最后,分析和验证该模型具备检测隐秘的非控制流数据攻击的能力.%Based on the fine-grained binary dynamic analysis platform,we propose a taint analysis method to construct the software behavior model using the system call arguments.Firstly,the method obtains the associations between the arguments,between an argument and a local variable,and between an argument and a foreign data through monitoring the applications running and tracking the taint propagation of system call arguments at the instruction level,and then the taint propagation chains between arguments are generated.Secondly,a software behavior model,which covers control-flow and data-flow,is built according to these chains and system call sequence.Finally,the experimental and analytical results demonstrate that this model can be used to detect stealthy noncontrol attacks.
展开▼
