Searching for vulnerabilities in implementations of network protocols of the IPsec family using dynamic analysis tools
Language: | Russian |
---|---|
Year of publication: | 2022 |
Subject: | |
DOI: | 10.18720/spbpu/3/2022/vr/vr22-711 |
Description: | The topic of the graduate qualification work is «Searching for vulnerabilities in implementations of network protocols of the IPsec family using dynamic analysis tools». The purpose of the study is to increase code coverage during fuzz testing of the IKE protocol by modifying the existing fuzz testing system for this protocol. The subject of the work is the methods and algorithms of fuzz testing. The object of the research is complete modern implementations of the IPsec protocol with support for extensions for Linux kernels. The research set the following tasks: (1) study of the main existing approaches and tools for finding vulnerabilities in software; (2) analysis of the features of fuzz testing of the IKE protocol and formulation of requirements for the analysis system; (3) development of a way to increase program code coverage through the use of a generator; (4) building a fuzz testing system for the IKE protocol using the proposed improvements. In the course of the work, the existing system for fuzz testing of the IKE protocol was modified, and modern varieties of fuzz testing were analyzed. As a result, a tool was developed for generating configuration files for the initiator of the IKE exchange, which works within a certain fuzzing system, and the effectiveness of the developed tool was substantiated. The results obtained can be used in further modifications and extensions of fuzz testing systems both for security protocols of the IPsec family and for implementations of other network protocols. |
Database: | OpenAIRE |
External link: |