基于v8引擎的二进制漏洞挖掘平台设计与实现-电子与通信工程专业论文.docx

Abstract Software vulnerability is currently one of the key problems of the information security research fields, where the research focus is on how to discover vulnerabilities effectively and reduce the harm. Among them, finding vulnerabilities by source code has achieved considerable success. However, a large amount of commercial software and shareware do not open their source code, moreover, the opening source code cannot be confirmed as the same as the binaries. Meanwhile, it also cannot find vulnerabilities caused by compilers. Therefore, discovering by binaries is of paramount significance. Most researches of binary vulnerability discovering focus on designing new platforms or improving the existing ones, in which third-party libraries are used on some binary code analysis platforms for implementation. Because most binary code analysis platform is not built specifically for discovering vulnerabilities, developers need to do a lot of extra and repetitive works when using them. Additionally, most of these platforms use C/C++ as their main language, which makes the development hard and slow, and developers with high qualities. To this end, we designed a special vulnerability discovering platform. The platform provides basic support for static analysis and dynamic analysis. For most commonly used dynamic analysis, we provide debugger and hooks as well as online or offline mode. In the assistant module of the platform, we integrate the skeleton of algorithms in vulnerability discovering over the past years, and provide a solid foundation of making new programs. Finally, the platform uses JavaScript as the development language by v8 engine, which makes the code both fast and efficient. Keywords: Software Security, Vulnerability, Platform, JavaScript, v8 目录 HYPERLINK \l _bookmark0 第一章 引言 1 HYPERLINK \l _bookmark1 1.1 漏洞挖掘研究背景 1 HYPERLINK \l _bookmark2 1.2 研究必要性 2 HYPERLINK \l _bookmark3 1.3 章节安排 3 HYPERLINK \l _bookmark4 1.4 本章小结 3 HYPERLI