ÇѱÛÁ¦¸ñ(Korean Title) |
½Éº¼¸¯ ¸µÅ© °ø°Ý Ãë¾à¼º °ËÃâÀ» À§ÇÑ ºÐ¼® ±â¹ý |
¿µ¹®Á¦¸ñ(English Title) |
An Analysis Method for Detecting Vulnerability to Symbolic Link Exploit |
ÀúÀÚ(Author) |
ÁÖ¼º¿ë
¾ÈÁؼ±
Á¶Àå¿ì
Seongyong Joo
Joonseon Ahn
Jang-wu Jo
|
¿ø¹®¼ö·Ïó(Citation) |
VOL 15-A NO. 01 PP. 0045 ~ 0052 (2008. 02) |
Çѱ۳»¿ë (Korean Abstract) |
º» ³í¹®¿¡¼´Â ½Éº¼¸¯ ¸µÅ© °ø°Ý¿¡ Ãë¾àÇÑ Äڵ带 Á¤ÀÇÇÏ°í ÇÁ·Î±×·¥ ºÐ¼® ±â¹ýÀ» »ç¿ëÇÏ¿© À̸¦ °ËÃâÇÏ´Â ¹æ¹ýÀ» Á¦¾ÈÇÑ´Ù. ½Éº¼¸¯ ¸µÅ© °ø°ÝÀ» ÇØ°áÇϱâ À§ÇÑ ±âÁ¸ÀÇ ¹æ¹ýµéÀº ½Éº¼¸¯ ¸µÅ© °ø°ÝÀ» ¹æ¾îÇϱâ À§ÇÑ ±â¹ýµé·Î½á Àӽà ÆÄÀÏ¿¡ ´ëÇÑ Á¢±Ù ½Ã °ø°ÝÀÌ ÀÌ·ç¾îÁ³´ÂÁö¿¡ ´ëÇÑ ÀûÀýÇÑ °Ë»ç°¡ ÀÌ·ç¾îÁ®¾ß Çϳª, À̸¦ °£°úÇÒ °æ¿ì °ø°ÝÀÇ À§Çè¿¡ ³ëÃâµÇ°Ô µÈ´Ù. º» ³í¹®¿¡¼ Á¦¾ÈÇÏ´Â ¹æ¹ýÀº ½Éº¼¸¯ ¸µÅ© °ø°Ý¿¡ Ãë¾àÇÑ ºÎºÐÀ» ÀÚµ¿À¸·Î ¸ðµÎ °ËÃâÇÔÀ¸·Î½á ÇÁ·Î±×·¡¸Ó°¡ ½Éº¼¸¯ ¸µÅ© °ø°ÝÀ» ¾ÈÀüÇÏ°Ô ¹æ¾îÇÒ ¼ö ÀÖµµ·Ï ÇÑ´Ù. Á¦¾ÈÇÏ´Â ¹æ¹ýÀº Ãë¾àÁ¡ ºÐ¼®À» À§Çؼ ±âÁ¸ÀÇ Å¸ÀÔ ½Ã½ºÅÛ¿¡ »õ·Î¿î ŸÀÔ ÇÑÁ¤ÀÚ¸¦ Ãß°¡ÇÏ°í, Ãß°¡µÈ ŸÀÔ ÇÑÁ¤ÀÚ¸¦ °í·ÁÇÑ Å¸ÀÔ °Ë»ç¸¦ ÅëÇؼ ½Éº¼¸¯ ¸µÅ© °ø°ÝÀÇ Ãë¾àÁ¡À» ½Äº°ÇÑ´Ù. Á¦¾ÈÇÏ´Â ¹æ¹ýÀº ÀÚµ¿À¸·Î ½Éº¼¸¯ ¸µÅ© °ø°ÝÀÇ Ãë¾àÁ¡À» ¸ðµÎ °ËÃâÇÒ ¼ö Àֱ⠶§¹®¿¡, ÇÁ·Î±×·¡¸Ó°¡ Ãë¾àÇÑ °ÍÀ¸·Î ½Äº°µÈ Äڵ忡 ´ëÇؼ¸¸ ±âÁ¸ÀÇ ¹æ¾î ±â¹ýÀ» Àû¿ëÇϵµ·Ï ÇÔÀ¸·Î½á ÇÁ·Î±×·¥À» Àü¹ÝÀûÀ¸·Î °ËÅäÇϰųª ¼öÁ¤ÇØ¾ß ÇÏ´Â ºÎ´ãÀ» ÁÙ¿©Áشٴ ÀåÁ¡À» °¡Áø´Ù. Á¦¾ÈÇÏ´Â ¹æ¹ýÀ» ³Î¸® ¾Ë·ÁÁø ½Ç¿ëÀûÀÎ ÇÁ·Î±×·¥À» ´ë»óÀ¸·Î ½ÇÇèÇØ º» °á°ú Àüü fopen() ÇÔ¼ö Áß ÀϺθ¸ ½Éº¼¸¯ ¸µÅ© °ø°Ý¿¡ Ãë¾àÇÑ °ÍÀ¸·Î ºÐ¼®µÇ¾úÀ¸¸ç, ÀÌ´Â Á¦¾ÈÇÑ ¹æ¹ýÀÌ ÇÁ·Î±×·¡¸ÓÀÇ ºÎ´ãÀ» ÁÙÀ̴µ¥ À¯¿ëÇÔÀ» º¸¿©ÁØ´Ù. |
¿µ¹®³»¿ë (English Abstract) |
In this paper we define a vulnerable code to symbolic link exploit and propose a technique to detect this using program analysis. The existing methods to solve symbolic link exploit is for protecting it, on accessing a temporary file they should perform an investigation whether the file is attacked by symbolic link exploit. If programmers miss the investigation, the program may be revealed to symbolic link exploit. Because our technique detects all the vulnerable codes to symbolic link exploit, it helps programmers keep the program safety. Our technique add two type qualifiers to the existing type system to analyze vulnerable codes to symbolic link exploit, it detects the vulnerable codes using type checking including the added type qualifiers. Our technique detects all the vulnerable codes to symbolic link exploit automatically, it has the advantage of saving costs of modifying and of overviewing all codes because programmers apply the methods protecting symbolic link exploit to only the detected codes as vulnerable. We experiment our analyzer with widely used programs. In our experiments only a portion of all the function fopen() is analyzed as the vulnerabilities to symbolic link exploit. It shows that our technique is useful to diminish modifying codes. |
Å°¿öµå(Keyword) |
½Éº¼¸¯ ¸µÅ© °ø°Ý
°æÀï Á¶°Ç Ž»ö
È帧µ¶¸³ ºÐ¼®
¼ÒÇÁÆ®¿þ¾î Ãë¾àÁ¡
¼ÒÇÁÆ®¿þ¾î º¸¾È
SymboLic Link Exploit
Race Condition Detection
Flow-Insensitive Analysis
Software Vulnerabilitie
Software Security
|
ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|