基于污点分析的程序崩溃分析

2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing Pub Date : 2014-11-08 DOI:10.1109/3PGCIC.2014.100

Puhan Zhang, Jianxiong Wu, Wang Xin, Zehui Wu

{"title":"基于污点分析的程序崩溃分析","authors":"Puhan Zhang, Jianxiong Wu, Wang Xin, Zehui Wu","doi":"10.1109/3PGCIC.2014.100","DOIUrl":null,"url":null,"abstract":"Software exception analysis can not only improve software stability before putting into commercial, but also could optimize the priority of patch updates subsequently. We propose a more practical software exception analysis approach based on taint analysis, from the view that whether an exception of the software can be exploited by an attacker. It first identifies the type of exceptions, then do taint analysis on the trace that between the program entry point to exception point, and recording taint information of memory set and registers. It finally gives the result by integrating the above recording and the subsequent instructions analysis. We implement this approach to our exception analysis framework ExpTracer, and do the evaluation with some exploitable/un-exploitable exceptions which shows that our approach is more accurate in identifying exceptions compared with current tools.","PeriodicalId":395610,"journal":{"name":"2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing","volume":"2015 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Program Crash Analysis Based on Taint Analysis\",\"authors\":\"Puhan Zhang, Jianxiong Wu, Wang Xin, Zehui Wu\",\"doi\":\"10.1109/3PGCIC.2014.100\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Software exception analysis can not only improve software stability before putting into commercial, but also could optimize the priority of patch updates subsequently. We propose a more practical software exception analysis approach based on taint analysis, from the view that whether an exception of the software can be exploited by an attacker. It first identifies the type of exceptions, then do taint analysis on the trace that between the program entry point to exception point, and recording taint information of memory set and registers. It finally gives the result by integrating the above recording and the subsequent instructions analysis. We implement this approach to our exception analysis framework ExpTracer, and do the evaluation with some exploitable/un-exploitable exceptions which shows that our approach is more accurate in identifying exceptions compared with current tools.\",\"PeriodicalId\":395610,\"journal\":{\"name\":\"2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing\",\"volume\":\"2015 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-11-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/3PGCIC.2014.100\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/3PGCIC.2014.100","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

软件异常分析不仅可以提高软件投入商用前的稳定性，还可以优化后续补丁更新的优先级。本文从软件异常是否可以被攻击者利用的角度出发，提出了一种基于污点分析的更实用的软件异常分析方法。它首先识别异常类型，然后对程序入口点到异常点之间的轨迹进行污点分析，并记录内存集和寄存器的污点信息。最后综合上述记录和后续的指令分析得出结果。我们在异常分析框架ExpTracer中实现了这种方法，并使用一些可利用/不可利用的异常进行评估，这表明与当前工具相比，我们的方法在识别异常方面更加准确。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Program Crash Analysis Based on Taint Analysis

Software exception analysis can not only improve software stability before putting into commercial, but also could optimize the priority of patch updates subsequently. We propose a more practical software exception analysis approach based on taint analysis, from the view that whether an exception of the software can be exploited by an attacker. It first identifies the type of exceptions, then do taint analysis on the trace that between the program entry point to exception point, and recording taint information of memory set and registers. It finally gives the result by integrating the above recording and the subsequent instructions analysis. We implement this approach to our exception analysis framework ExpTracer, and do the evaluation with some exploitable/un-exploitable exceptions which shows that our approach is more accurate in identifying exceptions compared with current tools.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing

自引率

0.00%

发文量