Similar literature
 Found 20 similar documents; search took 847 ms
1.
郭曦  王盼 《电子学报》2019,47(3):630-635
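Symbolic execution plays an important role in software analysis tasks such as path analysis, debugging and verification. However, as program size grows, the number of feasible execution paths increases exponentially, and symbolic execution often struggles to produce good analysis results. The two bottlenecks in symbolic execution analysis are the extraction of path condition expressions and constraint solving. State merging is currently a common way to address state explosion, but this abstract analysis method often leads to incorrect path information. Depending on the search strategy used by the symbolic execution engine, a symbolic execution tool may produce unsolvable path conditions when merging the states of symbolic variables. A program symbolic value analysis method based on dependency condition reconstruction is proposed: by jointly analyzing the path condition logic expressions of each path, it extracts shared symbolic variable values to improve the efficiency of variable state merging, and it uses backward correlation analysis to produce the set of dependency conditions, improving the precision of path analysis. Experimental results show that the method achieves higher execution efficiency and analysis precision than traditional state merging analysis.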

2.
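During dynamic execution a program leaks a large amount of path branch information, which is a binary representation of its internal logic. Symbolic execution can automatically collect and reason about the path information leaked during execution; it can be used for reverse engineering and can weaken the protection offered by code obfuscation. Hash functions can effectively protect path branch information based on equality relations, but have difficulty protecting branch information based on inequality relations that test upper and lower bounds. By combining a prefix-preserving algorithm with a hash function, a new path branch obfuscation technique is proposed that makes the difficulty of inferring path branch information by symbolic execution equivalent to the difficulty of inverting the hash function. The method was evaluated on the SPECint-2006 benchmark programs; the results show that it effectively protects program path branch information and is practical.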

3.
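Cache side-channel attacks rest on the fact that a program accesses different cache addresses for different sensitive information. This paper proposes a symbolic-execution-based technique for detecting cache side-channel vulnerabilities: it locates potential vulnerable points by symbolizing the data propagation of sensitive information, and judges the exploitability of that code in a cache attack by comparing the different cache addresses it may access. A prototype system, CSCVulDiscover, was developed and tested on 12 kinds of implementation code for 3 cryptographic algorithms including RSA, finding 125 vulnerable points in total.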

4.
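As software security problems grow more serious, smart fuzzing is widely used in vulnerability discovery and software security, and a range of smart fuzzing platforms based on symbolic execution and taint analysis have appeared. Against the background of vulnerability security issues and software testing methodology, this paper first introduces the theory used in smart fuzzing, including symbolic execution and taint analysis. It then describes existing mature smart fuzzing platforms, including SAGE, KLEE and BitBlaze, and identifies their main current problems. Finally, by summarizing where smart fuzzing platforms can be improved, it proposes a design for a more effective smart fuzzing platform, based on whole-system symbolic execution and scheduled on a cloud computing platform, which can be applied effectively to fuzzing commercial-grade software.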

5.
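Path-coverage-based testing is an important method in software testing, but the number of program paths often grows exponentially, so covering every path of a program is essentially impossible. From the standpoint of software security testing, what matters more is the execution of critical code regions (statements that call dangerous functions, functions with high cyclomatic complexity, code fragments that write memory in a loop). This paper proposes a method for automatically generating test data that covers critical code regions; the method works on binary programs and does not depend on source code. It obtains all program paths that can reach the critical code regions by backtracking paths, and automatically generates test data for those paths through path guidance. The path guidance strategy is based on symbolic execution and concrete execution of the program, adjusting the input step by step and using a constraint solver to generate the corresponding test cases. Theoretical analysis and experimental results show that the method reduces the number of runs needed to generate test data; compared with traditional path-coverage test data generation, the required number of runs is significantly lower, which improves the efficiency of test data generation.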

6.
吴春明  曹夕 《通信技术》2023,(4):483-493
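Fuzzing is one of the most widely used and most effective methods in software testing and vulnerability discovery, and has been applied in depth to the development testing and vulnerability discovery of kernels, browsers, documents, protocols and other software. This work studies protocol fuzzing with coverage-guided feedback under state definitions, to solve the problem that coverage alone can hardly guide protocol state transitions; by defining the protocol state transition process in advance, it extends traditional locally optimal coverage guidance to globally optimal coverage. Compared with traditional protocol fuzzing, the proposed method greatly improves code coverage with small samples; compared with Peach and Spike, code coverage improves by up to 143.6% and path coverage by up to 162.4%; in long runs, compared with Peach's 3 data generation modes, the time to reach the same path coverage is reduced by up to 98.9%.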

7.
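Research on code optimization mechanisms for the IXP2400 data plane   Total citations: 2, self-citations: 2, citations by others: 0
With a view to fast, efficient development for the IXP2400, its architecture is analyzed as a whole. Given that development centers on microcode for the microengines, each stage of data plane microcode development is studied. The IXA portability framework provided by Intel is introduced in general, with emphasis on the structural characteristics and optimization measures of its data plane development. The approach that data plane microcode development should take is summarized, and optimization methods for microcode development are proposed. Finally, these are implemented in a real application, and the organization of the specific microcode modules is given.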

8.
王志  蔡亚运  刘露  贾春福 《通信学报》2014,35(1):156-166
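Starting from the patterns with which bot execution traces cover binary code blocks, a method for discovering botnet control commands is proposed. The botnet control command space is discovered by analyzing the code block coverage characteristics of execution traces, and the completeness of the discovered command space is verified by checking whether the code space is fully covered. Code block coverage analysis was performed on execution traces of the Zeus, SdBot and AgoBot botnets; the results show that the method can quickly and accurately discover the set of botnet control commands with low time and space overhead, and that the execution traces corresponding to this command set cover more than 95% of the bot's code space.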

9.
徐超  陈勇  葛红美  何炎祥 《电子学报》2016,44(5):1040-1050
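Energy consumption is a major bottleneck constraining the development of portable smart devices. With the wide adoption of embedded operating systems, energy bugs caused by improper use of operating system APIs have become a factor that cannot be ignored in embedded application development. To reduce energy bugs in applications, a detection method was designed on the basis of symbolic execution and the characteristics of no-sleep energy bugs. The method first uses intraprocedural analysis to obtain symbolic execution information for each individual function. It then uses interprocedural analysis to combine this per-function information globally, obtaining more precise information on execution cost, lock variable matching and related properties, so as to detect energy bugs better. Symbolic execution also records the corresponding branch path information, which can be combined with a constraint solver to generate failing test cases fairly easily and thereby locate the error. Examples and experiments verify the feasibility and effectiveness of the method for energy bug detection.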

10.
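Java is one of the most popular programming languages and has a very large user base, so its security is very important, and JRE Native vulnerabilities have gradually become a popular research topic. This study proposes a register symbolization monitoring method based on symbolic execution. It uses the symbolic execution platform S2E as the vulnerability discovery tool and implements two auxiliary plugins for JRE Native vulnerability discovery, SymJava and SymRegMonitor. White-box source code auditing was performed on OpenJDK and on reverse-engineered Oracle JRE code, and Java test cases for vulnerability discovery were constructed. Finally, 36 Java test cases that call the Java Native API were tested, revealing 6 JRE Native security weaknesses, 2 of which can be maliciously exploited by an attacker.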

11.
To address path explosion and the low rate of new path discovery in software testing, a new vulnerability discovery architecture based on input constraint symbolic execution (ICBSE) was proposed. ICBSE analyzed program source code to extract three types of constraints automatically. ICBSE then used these input constraints to guide symbolic execution to focus on core functions. The architecture was implemented in KLEE and evaluated on seven programs from five GNU software suites, such as coreutils, binutils, grep, patch and diff. ICBSE detected seven previously unknown bugs (KLEE found three of the seven). In addition, ICBSE increases instruction line coverage/branch coverage by about 20%, and decreases the time for finding bugs by about 15%.

12.
The compiler is generally regarded as the most important software component that supports a processor design to achieve success. This paper describes our application of the open research compiler infrastructure to a novel VLIW DSP (known as the PAC DSP core) and the specific design of code generation for its register file architecture. The PAC DSP utilizes port-restricted, distributed, and partitioned register file structures in addition to a heterogeneous clustered data-path architecture to attain low power consumption and a smaller die. As part of an effort to overcome the new challenges of code generation for the PAC DSP, we have developed a new register allocation scheme and other retargeting optimization phases that allow the effective generation of high quality code. Our preliminary experimental results indicate that our developed compiler can efficiently utilize the features of the specific register file architectures in the PAC DSP. Our experiences in designing compiler support for the PAC VLIW DSP with irregular resource constraints may also be of interest to those involved in developing compilers for similar architectures.
Jenq-Kuen Lee (Corresponding author)

13.
The marine information network and the information acquisition, transmission and integration it involves were studied. Firstly, the developments, research work and shortcomings of the marine information network were summarized. Then a new network architecture was proposed, which could achieve all-time, all-weather and all-sea-area information coverage. The composition, system structure and technical architecture were stated in detail. Moreover, the key scientific issues, key technologies and application prospects of the information network were pointed out. The aim was to provide new research strategies for the development of marine information networks in China.

14.
Network-aware P2P file sharing over the wireless mobile networks   Total citations: 1, self-citations: 0, citations by others: 1
With the coming wireless mobile networks era and the popular use of P2P applications, how to improve the resource retrieval and discovery for P2P file sharing applications in wireless mobile networks becomes a critical issue. In this paper, we propose a novel network-aware P2P file architecture and related control schemes that can provide continuous resource retrieval and discovery for mobile users over the wireless network environment. The proposed architecture divides a P2P file sharing network into multiple network-aware clusters, in which peers are assigned to a network-aware cluster using a network prefix division. Accordingly, there are two designs for supporting mobile peers to retrieve files in wireless mobile networks. First, a novel file discovery control scheme named mobility-aware file discovery control (MAFDC) scheme is devised to obtain fresh status of shared peers and find the new resource providing peers in wireless mobile networks. Second, a resource provider selection algorithm is devised to enable a mobile peer to select new resource providing peers for continuous file retrieval.

15.
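A multi-frequency BIST scheme with scan chains is proposed for the design-for-testability of a five-port 32×32 embedded SRAM. The structure of the multi-port SRAM is analyzed and its fault model determined, and on this basis a new algorithm called "diagonal moving inversion" (OMOVI) and its circuit implementation are proposed. Compared with the traditional "moving inversion" (MOVI) method, and while preserving fault coverage, the number of test steps of the test pattern is reduced from the original 12N log2 N to N/2 + 2N log2 N (where N is the capacity of the SRAM). The scheme integrates functional testing, dynamic parameter extraction, and fault analysis and localization, and is highly flexible and extensible.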

16.
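From the perspective of system design and application, this paper explores a new approach to indoor coverage of TD-SCDMA signals. It describes in detail how system functions are realized using the existing CATV network architecture, together with the system design principles and key components. Its application model in engineering practice is summarized from pilot deployments, and its characteristics in several application scenarios (such as interference control in high-rise buildings and signal delivery into homes) are analyzed.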

17.
The available instruction level parallelism allowed by current register file organizations is not always fully exploited by media processors when running a multimedia application. This paper introduces a novel register file organization, called multi-shared register file, that eliminates this superfluous instruction scheduling flexibility by reducing the number of read and write ports and partitioning the register file in a special ring structure. A parameterized generic VLIW architecture is used to explore different configurations of our proposed register file structure in terms of estimated silicon area, minimum clock period, estimated power consumption, and multimedia task processing performance. Moreover, a metric highly related to multimedia applications is introduced to study trade-offs between hardware cost and performance. The results show that by substituting a monolithic register file with an equivalent multi-shared register file, the estimated area and the power consumption are considerably reduced at the cost of a negligible performance degradation.

18.
With the fast progress of the Internet and communication technologies, digital communication is increasingly based on the architecture of TCP/IP. Nevertheless, in TCP/IP's architecture, there are limitations such as data uncertainty and flow overloading. In response to this, a novel architecture has been proposed, which is known as the named data network (NDN). Named data network is an alternative network architecture based on the data each user accesses. Users gain access to the data by using an adjacent router (node) that verifies the correctness of the data. In NDN, the router has the capability to store and search for the data. Hence, this architecture largely improves the disadvantages in TCP/IP's architecture. Named data network is a new proposal and relatively under‐researched now. Thus far, an adequate secure file transfer protocol is still unavailable for NDN. In some cases, files are broken or the source fails to authenticate, which results in the need to discover the owner of the file. Furthermore, we believe that NDN should involve an authentication mechanism in the secure file transfer protocol. In view of the above, this paper presents an authenticated re‐encryption scheme for NDN, which offers sender authentication, data confidentiality, and support for potential receivers. Finally, we also propose a security model for sender authentication and prove that the proposed scheme is secure.

19.
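After analyzing the problems that may arise from using foreign general-purpose file systems in centralized management and control systems, this paper argues for the necessity of independently developing a domestic secure file system and discusses the techniques for implementing one. It constructs a secure file system architecture that protects stored information through the file format, the file access interface, file storage encryption and related aspects, and uses measures such as a dedicated file browser, file classification labels and file access logs to regulate and manage the use of sensitive information. This technically prevents malicious programs such as viruses and Trojans from spreading and infecting within the file system, and effectively stops viruses and Trojans from stealing classified files.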

20.
欧月华  任艳 《电信科学》2015,31(10):203-212
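To meet the growing demand for optical fiber testing in PON networks, OTDR technology embedded in optical modules is steadily being developed and refined. For a PON system architecture based on optical modules with embedded OTDR, this paper proposes the data transmission interface functions and data analysis functions of the OTDR-related interfaces, determines the OTDR data file structure, analyzes and organizes the OTDR data content, and defines the OTDR data format. The aim is to arrive at a common embedded OTDR data format and to help the embedded OTDR technology industry mature.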
