Software and Cyber Security-A Survey
Author:
Fund Project:

National Natural Science Foundation of China (61572483, 61572481, 61602123, 61572478, U1636204, 61602457); Shanghai Sailing Program (16YF1400800)

    Abstract:

    The Internet has penetrated all aspects of human society and has greatly promoted social progress. At the same time, various forms of cybercrime and online theft of secrets occur frequently, causing great harm to society and national security. Cyber security has become a major concern for the public and the government. Because a large share of Internet functionality and networked applications is implemented in software, software plays a crucial role in cyber security research and practice. In fact, almost all cyberattacks are carried out by exploiting security flaws in system software or application software. Investigating software security problems under these new circumstances is increasingly urgent. This paper reviews the state of the art in three areas: malware, software vulnerabilities and software security mechanisms. It then analyzes the new security challenges and trends that the software ecosystem is currently facing.

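Cite this article

Liu J, Su PR, Yang M, He L, Zhang Y, Zhu XY, Lin HM. Software and cyber security-A survey. Ruan Jian Xue Bao/Journal of Software, 2018,29(1):42-68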

History
  • Received: 2016-12-22
  • Last revised: 2017-02-08
  • Published online: 2017-07-20