| Cryptographic algorithms are widely used in the field of information security and play an important role in the maintenance of network security.Cryptographic misuse vulnerability refers to the fact that on the premise of the security of the cryptographic algorithms,the use of the cryptographic algorithms by the developers violates the security application rules and policies of cryptgraphy,which leads to the security detect of the software or system.In recent years,various types of software vulnerabilities caused by cryptographic misuse have emerged in an endless stream,which makes data security faced with severe challenges.At present,the research on cryptographic misuse vulnerability has not been adequate.The main problems are as follows: lack of systematic review of misuse vulnerability mechanism,relatively scattered detection methods and failure to fully exploit the advantages of software reverse engineering in vulnerability detection.In order to solve these problems,this paper analyzes the causes of vulnerabilities entirely and proposes a cryptographic misuse detection method that targets Windows applications,which integrates both dynamic data flow analysis and static control flow analysis methods.The main works of this paper are as follows:1?This paper proposes a set of classification model for cryptographic misuse vulnerability.By analyzing the existing cryptographic misuse vulnerabilities in the CVE database,this paper conducts intensive research from the perspectives of vulnerability generation reasons,parameter characteristics and identification characteristics,and classifies vulnerabilities into two main categories from the perspective of vulnerability detection: parameter misuse vulnerabilities and application integrity misuse vulnerabilities,both of which contain several subclasses.2?For parameter misuse vulnerabilities,this paper puts forward a detection method based on rules matching.A rule model of parameter misuse vulnerability detection is established to summarize the specific detection rules for different types of parameter misuse vulnerabilities.With reference to the information of encryption and decryption process that each detection rule relies on,dynamic analysis and static analysis methods are comprehensively used for the information extraction and analysis.On this foundation,the vulnerability detection is implemented through rule matching.3?For application integrity misuse vulnerabilities,this paper presents a detection method based on cryptographic function dominator tree.Firstly,this thesis builds a hierarchical and modular cryptographic function application integrity model where a cryptographic module is used to characterize the complete cryptographic function call process corresponding to different functions.Then,a method combining dynamic and static analysis is proposed to extract the cryptographic function call graph and dominator tree of application program.Finaly,referring to the complete function call process in the corresponding cryptographic module,it is determined whether the extracted cryptographic function call has a defect.4?This paper has designed and implemented a prototype system of cryptographic misuse vulnerability detection.The system is composed of parameter misuse vulnerability detection subsystem and application integrity misuse vulnerability detection subsystem.Based on the parameter detection rules and the cryptographic function application integrity model,misuse vulnerability detection is performed.Experimental results show that the system can effectively detect different kinds of misuse vulnerabilities in RTX,CAJViewer,Thunder Download and other softwares,verifying the feasiblity of this method. |
PDF Full Text Request