Master's and doctoral theses: record 106522031, details
Author: 曾耀儂 (Yao-Nang Tseng)    Department: Computer Science and Information Engineering
Thesis title: TOCTOU 漏洞的靜態分析與實作
(Static Analysis and Implementation of TOCTOU Vulnerability)
Files: the full text can be browsed in the system from 2024-6-25.
Abstract (Chinese) The C language combines many advantages of high-level and low-level languages: it executes efficiently, can control hardware directly, and is highly portable, so it is very widely adopted; according to the TIOBE Index ranking of popular languages, C has stayed in the top 2 continuously since 1989.
However, C has many inherent problems that easily lead programmers to write unsafe code, and its long history has accumulated a large amount of legacy code, so finding these vulnerabilities mostly relies on dynamic or static analysis tools. Among them, the TOCTOU (time of check to time of use) vulnerability in C leads to serious system security problems once exploited; although scholars have successively proposed dynamic and static analysis methods, the results have not been ideal.
This thesis proposes a detection method that combines symbolic execution with parameter tracking to achieve precise static analysis and to handle variable aliases and function aliases. The method is implemented as a tool on the Clang Static Analyzer, the detection results are presented through a command-line interface and as web pages, and finally the accuracy of the analysis is verified with the Juliet Test Suite and compared against the method proposed in the literature and the C static analysis tools commonly used in industry.
Abstract (English) The C language has many of the advantages of both high-level and low-level languages, such as high execution efficiency, direct control of hardware, and good portability, hence it is widely used in industry. According to the popular programming language ranking on the TIOBE Index website, C has held a position in the top 2 since 1989.
However, C has many inherent problems that make programmers likely to write unsafe code. In addition, it has accumulated a large amount of legacy code over its long history. Therefore, most programmers rely on dynamic or static analysis tools to identify these vulnerabilities. TOCTOU (time of check to time of use), one of these vulnerabilities, leads to serious system security problems once exploited. Although researchers have proposed detection methods, the results have not been ideal.
We propose a detection method that combines symbolic execution with parameter tracking. The proposed method detects TOCTOU more accurately and handles aliasing of both variables and functions. Moreover, we implement this method on the Clang Static Analyzer and present the detection results through a command-line interface and web pages. Finally, the implemented tool is tested against the Juliet Test Suite to verify its accuracy, and compared with the methods proposed in the literature and the C static analysis tools commonly used in industry.
Keywords (Chinese) ★ TOCTOU vulnerability
★ Static analysis
★ LLVM
★ Clang Static Analyzer
Keywords (English) ★ TOCTOU vulnerability
★ Static analysis
★ LLVM
★ Clang Static Analyzer
Table of contents
Abstract (Chinese)
Abstract
Acknowledgements
Contents
List of figures
List of tables
1. Introduction
1.1 Research background and motivation
1.2 Research framework
1.3 Thesis chapter overview
2. Literature review
2.1 TOCTOU vulnerabilities
2.2 Dynamic analysis
2.3 Static analysis
2.4 Symbolic execution
2.5 LLVM and the Clang Static Analyzer (CSA)
2.6 Related work
3. Proposed method
4. Implemented tool
4.1 Implementation environment
4.2 Implementation logic
4.3 Implementation details
4.4 Implementation results
5. Comparative analysis
5.1 Comparison of the proposed method with methods in the literature
5.2 Comparison of the tool with tools commonly used in industry
6. Conclusions and future work
References

References 1. TIOBE Index. Retrieved May 2, 2019, from https://www.tiobe.com/tiobe-index/
2. Seacord, Robert C. (2013). Secure Coding in C and C++: Addison-Wesley Professional.
3. Bishop, M., & Dilger, M. (1996). Checking for race conditions in file accesses. Computing systems, 2(2), 131-152.
4. Viega, J., Bloch, J. T., Kohno, Y., & McGraw, G. (2000, December). ITS4: A static vulnerability scanner for C and C++ code. Proceedings of the 16th IEEE Annual Computer Security Applications Conference, 257-267.
5. Wei, J., & Pu, C. (2005, December). TOCTTOU vulnerabilities in UNIX-Style file systems: An anatomical study. Proceedings of the 4th USENIX Conference on File and Storage Technologies, 5, 156-167.
6. 賴亭君 (2018). Detecting TOCTOU vulnerabilities with the LLVM static analyzer (用LLVM靜態分析器偵測TOCTOU漏洞). Master's thesis, Graduate Institute of Computer Science and Information Engineering, National Chung Cheng University.
7. Dean, D., & Hu, A. J. (2004, August). Fixing races for fun and profit: How to use access (2). Proceedings of the 13th USENIX Security Symposium, 195-206.
8. Ball, T. (1999, October). The concept of dynamic analysis. ACM SIGSOFT Software Engineering Notes, 24(6), 216-234.
9. Cornelissen, B., Zaidman, A., Van Deursen, A., Moonen, L., & Koschke, R. (2009). A systematic survey of program comprehension through dynamic analysis. IEEE Transactions on Software Engineering, 35(5), 684-702.
10. Gosain, A., & Sharma, G. (2015). A survey of dynamic program analysis techniques and tools. Proceedings of the 3rd International Conference on Frontiers of Intelligent Computing: Theory and Applications, 113-122.
11. Nethercote, N. (2004). Dynamic binary analysis and instrumentation. University of Cambridge.
12. Hangal, S., & Lam, M. S. (2002, May). Tracking down software bugs using automatic anomaly detection. Proceedings of the 24th IEEE International Conference on Software Engineering, 291-301.
13. Gomes, I., Morgado, P., Gomes, T., & Moreira, R. (2009). An overview on the static code analysis approach in software development. Faculdade de Engenharia da Universidade do Porto, Portugal.
14. Ayewah, N., Pugh, W., Hovemeyer, D., Morgenthaler, J. D., & Penix, J. (2008). Using static analysis to find bugs. IEEE software, 25(5), 22-29.
15. Chess, B., & McGraw, G. (2004). Static analysis for security. IEEE Security & Privacy, 2(6), 76-79.
16. Chess, B., & West, J. (2007). Secure programming with static analysis: Pearson Education.
17. Cousot, P., & Cousot, R. (1977, January). Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. Proceedings of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, 238-252.
18. Landi, W. (1992). Undecidability of static analysis. ACM Letters on Programming Languages and Systems, 1(4), 323-337.
19. Wagner, D., & Dean, R. (2000, May). Intrusion detection via static analysis. Proceedings of the 2001 IEEE Symposium on Security and Privacy, 156-168.
20. Ball, T., & Rajamani, S. K. (2002, January). The SLAM project: Debugging system software via static analysis. ACM SIGPLAN Notices, 37(1), 1-3.
21. Venkatasubramanyam, R. D., & GR, S. (2014, June). Why is dynamic analysis not used as extensively as static analysis: an industrial study. Proceedings of the 1st ACM International Workshop on Software Engineering Research and Industrial Practices, 24-33.
22. Ernst, M. D. (2003, May). Static and dynamic analysis: Synergy and duality. Proceedings of WODA 2003: ICSE Workshop on Dynamic Analysis, 24-27.
23. Baldoni, R., Coppa, E., D'Elia, D. C., Demetrescu, C., & Finocchi, I. (2018). A survey of symbolic execution techniques. ACM Computing Surveys, 51(3).
24. Schwartz, E. J., Avgerinos, T., & Brumley, D. (2010, May). All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). Proceedings of 2010 IEEE Symposium on Security and Privacy, 317-331.
25. Cadar, C., & Sen, K. (2013). Symbolic execution for software testing: three decades later. Communications of the ACM, 56(2), 82-90.
26. Clarke, L. A. (1976). A system to generate test data and symbolically execute programs. IEEE Transactions on Software Engineering, (3), 215-222.
27. King, J. C. (1976). Symbolic execution and program testing. Communications of the ACM, 19(7), 385-394.
28. Binary 自動分析的那些事 (Notes on automated binary analysis). Retrieved May 2, 2019, from https://hitcon.org/2016/CMT/slide/day1-r1-a-1.pdf
29. LLVM. Retrieved May 2, 2019, from https://llvm.org/
30. Getting Started with LLVM Core Libraries. Retrieved May 2, 2019, from https://www.amazon.com/Getting-Started-LLVM-Core-Libraries/dp/1782166920
31. Clang Static Analyzer. Retrieved May 2, 2019, from https://clang-analyzer.llvm.org/
32. Xu, Z., Kremenek, T., & Zhang, J. (2010, October). A memory model for static analysis of C programs. Proceedings of International Symposium On Leveraging Applications of Formal Methods, Verification and Validation, 535-548.
33. llvm之旅第一站 (First stop on the LLVM journey). Retrieved May 2, 2019, from http://www.nagain.com/activity/article/4/
34. Cowan, C., Beattie, S., Wright, C., & Kroah-Hartman, G. (2001, August). RaceGuard: Kernel protection from temporary file race vulnerabilities. Proceedings of USENIX Security Symposium, 165-176.
35. Pu, C., & Wei, J. (2006, March). A methodical defense against tocttou attacks: The edgi approach. Proceedings of 2006 International Symposium on Secure Software Engineering.
36. Juliet Test Suite User Guide. Retrieved May 2, 2019, from https://samate.nist.gov/SARD/resources/Juliet_Test_Suite_v1.2_for_C_Cpp_-_User_Guide.pdf
37. Juliet Test Suite. Retrieved May 2, 2019, from https://samate.nist.gov/SARD/testsuite.php
38. Fatima, A., Bibi, S., & Hanif, R. (2018, January). Comparative study on static code analysis tools for C/C++. Proceedings of the IEEE International Bhurban Conference on Applied Sciences and Technology, 465-469.
Advisor: 莊永裕 (Yung-Yu Zhuang)    Review date: 2019-6-28