Sandbox-interception Recognition Method Based on Function Injection

ZHAO Xu, YAN Xuexiong, WANG Qingxian, WEI Qiang

Citation: ZHAO Xu, YAN Xuexiong, WANG Qingxian, WEI Qiang. Sandbox-interception Recognition Method Based on Function Injection[J]. Journal of Electronics & Information Technology, 2016, 38(7): 1823-1830. doi: 10.11999/JEIT151074

doi: 10.11999/JEIT151074

Funds: The National 863 Program of China (2012AA012902)

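  • Abstract: Testing a sandbox's validation mechanism first requires recognizing sandbox interception, that is, identifying the set of system functions that the sandbox intercepts. Most existing hook recognition methods only consider whether a hook exists, so they are insufficient for recognizing sandbox interception. This paper designs a sandbox-interception recognition method based on function injection, which analyzes the instruction execution records (traces) of system functions to identify the system functions intercepted by the sandbox. First, system functions are injected into the untrusted process and executed to obtain their execution traces. Second, based on the characteristics of the execution traces of intercepted system functions, an address-space finite state automaton is designed, and the obtained traces are analyzed within the automaton to determine which system functions are intercepted. Finally, the test function set is traversed to identify the set of system functions intercepted by the target sandbox. A prototype system, SIAnalyzer, is designed and implemented, and sandbox-interception recognition tests are carried out on Chromium and Adobe Reader. The test results verify the effectiveness and practicality of the method.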
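The second and third steps of the abstract can be illustrated with a small address-space automaton run over recorded instruction addresses. This is an added example, not SIAnalyzer code or the paper's automaton: the module ranges, state names, transition table and traces are all constructed assumptions.

```python
# Added illustration of an address-space finite state automaton over traces.
# Module map (assumption): (start, end, label) ranges inside the untrusted process.
MODULES = [
    (0x00400000, 0x00500000, "app"),      # untrusted process image
    (0x10000000, 0x10080000, "sandbox"),  # sandbox interception module
    (0x77000000, 0x77200000, "system"),   # system DLL holding the tested functions
]

def region(addr):
    """Map an instruction address to the label of the module that contains it."""
    for start, end, label in MODULES:
        if start <= addr < end:
            return label
    return "unmapped"  # e.g. a dynamically allocated trampoline

# Transition table (assumption): (state, region) -> next state.
TRANSITIONS = {
    ("START", "system"): "IN_SYSTEM",
    ("IN_SYSTEM", "system"): "IN_SYSTEM",
    ("IN_SYSTEM", "unmapped"): "THUNK",
    ("IN_SYSTEM", "sandbox"): "INTERCEPTED",
    ("THUNK", "unmapped"): "THUNK",
    ("THUNK", "sandbox"): "INTERCEPTED",
    ("THUNK", "system"): "IN_SYSTEM",
}

def classify(trace):
    """Run the automaton over one trace; return (verdict, deciding address or None)."""
    state = "START"
    for addr in trace:
        state = TRANSITIONS.get((state, region(addr)), "INVALID")
        if state == "INTERCEPTED":
            return "intercepted", addr  # first instruction executed in sandbox code
        if state == "INVALID":
            return "invalid", addr      # trace does not start in the tested function
    return ("clean", None) if state == "IN_SYSTEM" else ("inconclusive", None)

def intercepted_set(traces):
    """Traverse the test function set and collect the functions judged intercepted."""
    return sorted(n for n, t in traces.items() if classify(t)[0] == "intercepted")

# Constructed traces keyed by function name (not measurements from any sandbox).
TRACES = {
    "NtCreateFile": [0x77010000, 0x003A0000, 0x003A0005, 0x10001234, 0x10001238],
    "NtOpenProcess": [0x77010400, 0x10002000],
    "NtClose": [0x77010800, 0x77010805, 0x7701080A],
    "NtYieldExecution": [0x77010C00, 0x003A0100],  # trace ends inside a thunk
}
```

A trace that ends in the thunk state is reported as inconclusive rather than clean, so a truncated recording is not mistaken for an unhooked function.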
Metrics
  • Article views: 1347
  • HTML full-text views: 82
  • PDF downloads: 407
  • Citations: 0
Publication history
  • Received: 2015-09-21
  • Revised: 2016-03-03
  • Published: 2016-07-19
