| In recent years, with the development of technology and gradual maturity of the Internet, Internet security becomes a hot topic.The vulnerability as the core of the Internet is made the big companies and research institutions focus on this object. First, the thesis researched on vulnerability theory and instrumentation principle, second the thesis proposed an automatic vulnerability verification platform which based on instrumentation. The platform is functionally divided into two main sections: the vulnerability verification control terminal and the vulnerability verification server. The design of vulnerability verification control terminal used MFC simple interface. It is responsible for human-computer interaction and vulnerability parameters configuration. Besides,the vulnerability verification control terminal contains the virtual machine management module, and it is responsible for the distribution of samples to the corresponding virtual machine. Vulnerability verification server includes virtual machine management module. Vulnerability verification server is installed in each virtual machine, which works on automatic verification of the unknown sample loophole. The platform records sample behavior after verifying vulnerability sample by monitoring file system. Finally, the platform designed vulnerability database used to store sample information. The thesis?s research work is mainly the following sections:1. To deeply investigate the various types of instrumentation tools and compare their advantages and disadvantages.For Pin instrumentation tool in the thesis, a detailed study of how it works and the preparation of the instrumentation rules are made.2. In the Linux environment, the concept of original instrumentation was puted forward, based on automated verification vulnerability technology platform, the platform uses C / S structure to achieve automation functions, namely the control terminal and server mode. The control terminal is divided into user interaction module, this module is responsible for human-computer interaction, and issues vulnerability verification command; virtual machine management module, which is responsible for the sorting process of vulnerability sample validation; a communication module, using overlapped I / O technology for asynchronous interaction. Server is divided into two modules, first is vulnerability trigger decision module, which is mainly responsible for the unknown sample instrumentation verification. The second one is exploit perception module, which is responsible for monitoring the behavior of the sample. Finally, vulnerability database is responsible for storing information about the vulnerability.3. Virtual machine management module deploys on a virtual machine environment, mainly divided into two versions,first is the operating system version and the second is application software version.Application software versions include chat tools, download tools, office tools and so on. Similar software are deployed in a same testing environment, which conserve resources and easy to manage.4. Each virtual environment has a vulnerability verification server, which loads and verifies unknown sample by instrumentation principle of buffer overflow vulnerability and ROP vulnerability modules. Besides, this module provides verification interface for other vulnerabilities.5. The platform d esigns a Linux file detection module, which is based on LKM technology to realize monitoring file operations, after vulnerability samples triggering vulnerabilities.6. Establishing a vulnerability database is to enter information of available vulnerability, which is available to professionals for querying and secondary using. |
PDF Full Text Request