Journal of Beijing University of Aeronautics and Astronautics ›› 2015, Vol. 41 ›› Issue (12): 2348-2355. doi: 10.13700/j.bh.1001-5965.2015.0164


Dynamic symbolic execution approach based on tabu search

CAI Jun 1, ZOU Peng 1, MA Jinxin 2, HE Jun 1

  1. Science and Technology on Complex Electronic System Simulation Laboratory, Academy of Equipment, Beijing 101416, China;
  2. China Information Technology Security Evaluation Center, Beijing 100085, China
  • Received: 2015-03-23 Revised: 2015-06-19 Online: 2015-12-20 Published: 2016-01-04
  • Corresponding author: ZOU Peng (born 1957), male, from Gaoqing, Shandong, professor; main research interest: information security. E-mail: zpeng@nudt.edu.cn
  • Author biography: CAI Jun (born 1982), male, from Tianmen, Hubei, Ph.D. candidate. E-mail: cjgfkd@163.com
  • Funding: National High-tech R&D Program of China ("863" Program) (2012AA012902); National Science and Technology Major Project on Core Electronic Devices, High-end General Chips and Basic Software ("核高基") (2013ZX01045-004)

Abstract: Software vulnerabilities are one of the root causes of network security problems, and software vulnerability detection is currently a hot research topic in the network security field. Dynamic symbolic execution is one of the most studied vulnerability detection techniques of recent years. Existing dynamic symbolic execution approaches, when generating test cases by constraint solving, produce a large number of duplicate or near-duplicate test cases. To address this problem, we propose a dynamic symbolic execution approach based on tabu search and implement a corresponding tool prototype, SwordSE. The approach exploits the global, stepwise optimization ability of the tabu search algorithm: it selects seed files with an evaluation function and avoids repeated path searches with a tabu list. Experimental results show that SwordSE's path search efficiency is significantly better than that of existing tools, and it has found four zero-day vulnerabilities to date.

Key words: network security, software vulnerability detection, tabu search, dynamic symbolic execution, intermediate representation
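To make the two mechanisms the abstract names concrete (an evaluation function that ranks candidate seeds, and a tabu list that stops the search from re-solving paths it has already explored), here is a small added illustration written for this page; it is not SwordSE's code and does not reproduce the paper's actual evaluation function. The program under test (`toy_program_path`), the neighbourhood function (`neighbours`, which stands in for the inputs a constraint solver would produce by negating branch conditions) and the coverage-based score (`evaluate`) are all constructed assumptions. Running `explore` with and without the tabu list on the same toy target shows the effect described in the abstract: without the list the search cycles between already-explored paths and keeps selecting duplicate seeds; with it, every selected seed exercises a new path and the loop stops once the neighbourhood is exhausted.

```python
"""Toy tabu-search seed scheduler for a path-exploring tester.

Added illustration, not SwordSE's code. The target program, the
neighbourhood function and the evaluation function are constructed
stand-ins for an instrumented binary, constraint solving and a real
coverage metric.
"""
from collections import deque


def toy_program_path(data: bytes) -> tuple:
    """Constructed stand-in for an instrumented target: returns the branch
    outcomes (the path) taken on a two-byte input."""
    b0, b1 = data[0], data[1]
    return (b0 >= 0x80, (b0 & 1) == 1, b1 == 0x42)


def path_edges(path: tuple) -> set:
    """Branch-outcome edges (branch index, outcome) exercised by a path."""
    return {(i, outcome) for i, outcome in enumerate(path)}


def neighbours(seed: bytes) -> list:
    """Candidate seeds derived from the current one. Constructed stand-in
    for the inputs a solver would yield by negating one branch condition."""
    b0, b1 = seed[0], seed[1]
    return [bytes([b0 ^ 0x80, b1]), bytes([b0 ^ 0x01, b1]),
            bytes([b0, 0x42]), bytes([b0, b1 ^ 0x01])]


def evaluate(seed: bytes, covered: set) -> int:
    """Evaluation function (assumed): number of not-yet-covered branch
    outcomes the seed's path exercises. Higher is better."""
    return len(path_edges(toy_program_path(seed)) - covered)


def explore(initial_seed: bytes, use_tabu: bool, max_iter: int = 20,
            tabu_size: int = 8) -> dict:
    """Run the tabu-search loop (or the same loop without the tabu list)
    and report coverage, distinct paths and repeated selections."""
    current = initial_seed
    path = toy_program_path(current)
    covered = path_edges(path)
    seen_paths = {path}
    tabu = deque([path], maxlen=tabu_size)  # recently explored paths
    repeats = 0
    iterations = 0
    for _ in range(max_iter):
        candidates = []
        for cand in neighbours(current):
            cand_path = toy_program_path(cand)
            if use_tabu and cand_path in tabu:
                continue  # tabu: explored recently, do not re-solve it
            candidates.append((evaluate(cand, covered), cand, cand_path))
        if not candidates:
            break  # neighbourhood exhausted, nothing new to try
        iterations += 1
        # Pick the best-scoring candidate; ties go to the first one.
        _, current, path = max(candidates, key=lambda c: c[0])
        if path in seen_paths:
            repeats += 1  # a duplicate test case was generated
        seen_paths.add(path)
        covered |= path_edges(path)
        tabu.append(path)
    return {"covered_edges": len(covered), "distinct_paths": len(seen_paths),
            "repeated_selections": repeats, "iterations": iterations}


if __name__ == "__main__":
    for flag in (False, True):
        print("tabu list on" if flag else "tabu list off",
              explore(b"\x00\x00", use_tabu=flag))
```

On this toy target both runs cover all six branch outcomes within three iterations; the difference is what happens afterwards. Without the tabu list the search oscillates between two inputs with already-seen paths for the remaining iterations, which is the duplicate test case problem the abstract describes, while with the list each selection is a new path and the loop terminates by itself. A real implementation would key the tabu list on path constraints or path hashes rather than on the raw branch tuple, and would bound its size as `tabu_size` does here.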



Copyright © Editorial Office of the Journal of Beijing University of Aeronautics and Astronautics
Address: Editorial Office, Journal of Beijing University of Aeronautics and Astronautics, 37 Xueyuan Road, Haidian District, Beijing 100191. E-mail: jbuaa@buaa.edu.cn