
The Research And Realization Of Dynamic Taint Analysis Based Security Attack Detection Technology

Posted on: 2014-01-31
Degree: Master
Type: Thesis
Country: China
Candidate: K K Lu
GTID: 2248330395474771
Subject: Computer software and theory
Abstract/Summary:
The increasing size and complexity of modern software systems lead to an increasing number of security vulnerabilities. Well-known examples include buffer overflow, format string, SQL injection, and cross-site scripting vulnerabilities. These vulnerabilities allow malicious users to launch attacks by executing arbitrary code, causing severe damage to the running process or stealing sensitive data on a vulnerable system. Given the destructive power of these vulnerabilities and the threat they pose to information security, exploit detection has been studied in some depth both at home and abroad. However, the existing techniques have many deficiencies. Taint-tracking detection techniques that work at compile time cannot detect exploits in applications written in non-type-safe languages. Detection techniques based on source code analysis cannot detect exploits against third-party libraries and, lacking run-time information, have higher false positive and false negative rates.

This thesis presents a new exploit detection technique based on dynamic taint analysis, built on an in-depth analysis of how exploits work and a study of related techniques. The method tracks how a program processes data at run time and records how data propagates during processing, in order to identify the dependencies between result data and source data and thereby detect exploits. The main contributions of this thesis are as follows:

(1) Implemented control-flow-based taint propagation. The thesis not only implements data-flow-based taint propagation but also takes the control dependencies of information flow into account. It proposes a heuristic that builds the CFG dynamically through instruction mapping, basic block combination and post-dominator (pdom) tree construction, establishes the control dependencies between information flow and control flow, and gives an analysis algorithm for control-flow-based taint propagation, which solves the detection blind-spot problem of dynamic taint analysis.

(2) Established a more rigorous security detection policy. Based on an in-depth analysis of how mainstream exploits work, the thesis uses the MBSL language combined with regular expressions to define security detection policies more rigorously. This addresses the missed detections caused by lax detection policies and allows a wider range of exploits to be detected.

(3) Implemented a prototype exploit detection system based on dynamic taint analysis. The system dynamically tracks the propagation of information flow in the binary target program at run time to detect and prevent untrusted external data from being used in unsafe data operations, thereby containing the attack at its source. The system does not need to analyze the target program's source code, can be applied to exploit detection for all commercial software, and has low false negative and false positive rates. Finally, experiments covering both functionality and performance demonstrate the feasibility and effectiveness of the prototype system.
Keywords/Search Tags: dynamic tainting, information flow, control flow, exploit