| With the popularity of Web2.0and cloud computing approaching, virtualization technology is increasingly widespread.In recent years, web threats caused by AVM2security vulnerabilities have been gradually increased, some escape cases bring serious threats to Internet, but in general domestic and international research is not enough. Therefore, vulnerability mining technique based on AVM2escape is very important, which is good for increasing vulnerability discovery and repairing efficiency, accurating detection of malicious code, helping users improve safety awareness and means.In this paper, first introduce software vulnerability mining technique, virtual machine escape and flash vulnerability, then analyse the applications and flaws of AVM2escape, and clear the focus of later research.The key technologies of vulnerability mining based AVM2escape, focus on the vulnerability mining model to improve the design vulnerability mining rule base, including the definition of the rules, the extraction and storage. Through the initial template creation and dynamic generation of test cases, solve the the AVM2smart gray-box testing techniques. Finally, study the availability analysis of vulnerability to identify vulnerabilities and mining rule base.Based on key technology research, develop a corresponding excavation prototype system named AVMHunter, providing a good operation platform for the actual vulnerability detection and prevention technique. Discuss the overall design of the system architecture, each module of the system were designed on this basis. Then, study AVMHunter performance to be tested and verified its actual mining results, test results show that, the AVMHunter has good stability and mining effect.The end of this article uses less length to analyze the corresponding vulnerability prevention techniques and measures of the technique above, to providing some reference suggestions for developers and users. |
PDF Full Text Request