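Abstract:
Regarding the excessive complexity of current software vulnerability analysis, this paper argues that the main causes are the tight coupling of today's software analysis knowledge, techniques and data, and the lack of effective programming interfaces connecting the various kinds of knowledge and techniques. It therefore proposes a design that decouples software vulnerability analysis into three planes: knowledge, exploration and state. The state plane can represent program analysis states and their transitions based on basic analysis data and existing big-data operation interfaces; the knowledge plane and the exploration plane correspond to the set of vulnerability analysis knowledge and the set of techniques/tools respectively, and this paper abstracts the interaction interfaces between knowledge and techniques across the two planes from existing technique categories such as symbolic execution, taint analysis, pattern detection and fuzzing. Building on the description of the three planes, this paper gives examples of practical vulnerability analysis application scenarios and outlines a vision in which the planes are connected through programmable interfaces and their complementary strengths are exploited through free customization; the hope is that the ensuing effort will remove the barriers to interoperation between the various kinds of knowledge and techniques, and incorporate data processing technology to improve the effectiveness of software vulnerability analysis.
Keywords: software vulnerability analysis; knowledge plane; exploration plane; state plane; programmable interface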
DOI: 10.19363/J.cnki.cn10-1380/tn.2019.11.02
Received: December 19, 2017; Revised: April 03, 2018
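Funding: This work was supported by the National Natural Science Foundation of China (No. 61602470, No. 61802394, No. U1836209); the National Key Research and Development Program of China (No. 2016QY071405); and the Strategic Priority Research Program of the Chinese Academy of Sciences (No. XDC02040100, No. XDC02030200, No. XDC02020200).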
|
Research on The Software Vulnerability Analysis Architecture with The Knowledge, Exploration and State Plane |
YUAN Zimu, XIAO Yang, WU Wei, HUO Wei, ZOU Wei
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Abstract:
We attribute the high complexity of current software vulnerability analysis to the tight coupling of software analysis knowledge, tools and data, and to the lack of effective programming interfaces (APIs) connecting analysis knowledge and technology. We therefore propose decoupling the analysis into three planes: knowledge, exploration and state. The state plane can represent the status and transformation of software vulnerability analysis based on the basic analysis data and the operation interface on resilient distributed datasets. The knowledge plane and the exploration plane map to the set of software vulnerability knowledge and the set of technologies/tools respectively, and we extract the API between knowledge and technology from existing categories of technology, such as symbolic execution, taint analysis, pattern detection and fuzzing. On the basis of the three planes, three vulnerability analysis application scenarios are illustrated to show how the planes are connected through programmatic interfaces and how their interactions can be freely customized to exploit the advantages of each. We expect this work to lower the barriers between the various analysis technologies and kinds of knowledge and, combined with the frontiers of data processing technology, to improve vulnerability analysis performance.
Key words: software vulnerability analysis; knowledge plane; exploration plane; state plane; programmatic interface