Virtualization platforms, through the integration of hardware and software, provide a transparent, independent operating system environment and a secure, isolated code execution environment for upper-level users. They are widely used in fields such as cloud computing and blockchain. However, attackers exploiting potential vulnerabilities may cause serious consequences, such as the leakage of sensitive user information and financial losses. Current vulnerability detection techniques for virtualization platforms face challenges and limitations such as inadequate code coverage, low testing efficiency, and difficulty in effectively detecting vulnerabilities in closed-source components. To address these challenges, this study conducts in-depth research on vulnerability detection techniques for open-source and closed-source virtualization platforms, identifies four attack surfaces (USB devices, graphics devices, bytecode, and source code), and proposes two fuzz testing methods and a source code analysis method. Additionally, based on virtual machine vulnerabilities, a novel attack method is proposed for blockchain application scenarios.

To address the difficulty of obtaining code coverage and the low fuzz testing efficiency in full-system emulation virtualization platforms, a virtual-machine-separated USB device fuzz testing procedure based on Intel-PT is proposed. By analyzing the USB device interface protocol, a fuzz testing process for multiple guests sharing the same host is proposed. This study also designs a distributed-node fuzz testing progress synchronization technique to achieve parallel testing of the same virtual attack surface across multiple hosts and guests. Based on Intel-PT, the code coverage of target processes in the virtualization platform can be obtained accurately, guiding sample mutation and increasing fuzz testing efficiency by more than 30 times. The separated fuzz testing method demonstrates excellent usability in practical applications, detecting 15 vulnerabilities, one of which received a CVE identifier and an acknowledgment from VMware.

To address the issues of sample interference and crash reproduction for high-frequency interactive devices, a system component airborne fuzz testing method based on corpus inspection is proposed. Focusing on the attack surfaces of virtual machine renderers in emulation mode and virtual machine bytecode in simulation mode, this study efficiently executes the target's critical code by extracting the virtual machine renderer code. At the same time, the study uses the operating system's shared memory mechanism for airborne transmission of fuzz testing samples, achieving efficient process-level execution of closed-source component code. The dual acceleration of the loader and the airborne technique increases sample execution efficiency from an average of 80 executions per second to 800 per second. The proposed airborne fuzz testing method discovered 70 crash samples in the SVGA component of the VMware virtual machine program; after manual analysis, 12 vulnerabilities were found and reported, two of which received CVE identifiers. Building on the process-level execution of virtual machine system components, this research proposes a method based on corpus validity inspection. Given a Backus-Naur Form grammar description and using bit-level mutation, the system translates the generated test corpus into an intermediate language through an IR translator and performs validity checks and corrections based on a Naive Bayes corpus format judgment method. Fuzz testing of general-purpose formatted corpus processing software discovered numerous vulnerabilities and was awarded 13 CVE identifiers. After completing adaptations for the virtualization software WASM and Neo VM, this study further detected 10 vulnerabilities, all of which received CVE identifiers. Overall, the introduction of corpus validity inspection significantly improved sample validity and increased fuzz testing efficiency by more than 300 times.

To address the difficulty of virtual machine source code analysis, a virtual machine source code vulnerability analysis method based on deep learning is proposed. By converting source code into abstract syntax trees (ASTs) and program dependency graphs, this research traverses the ASTs in depth to obtain sequential structures and extracts a set of candidate vulnerability syntax features. Based on this candidate set, the program dependency graph is sliced, and after removing duplicate slices, a set of program slices containing control and data dependency relationships is obtained. The program slice set is then normalized and vectorized so as to preserve as much structural and contextual information as possible. Finally, the feature vectors are fed into a neural network model for training. To find the best deep learning model, the experiments compared the performance of four different neural network models in depth. Results show that the attention-based bidirectional long short-term memory network achieved the best detection performance, and the effectiveness of the framework was also demonstrated in large-sample experiments.

Lastly, by exploiting virtual machine code defects to create inconsistencies in the blockchain ledger state across the entire network, an incitement attack technique based on virtual machine code defects is proposed, which ultimately leads to the double-spending problem in digital currencies. Any user in a blockchain network can initiate an incitement attack, affecting other users in the same network and all digital assets on the chain. To counter this attack, this research proposes a defense method based on block checking that effectively mitigates such incitement attacks. This defense is lightweight and efficient: the additional computation time is almost negligible (only 3.8%), and the extra storage consumed is only in the kilobyte range, which is entirely acceptable compared to the ever-increasing normal storage consumption.
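The corpus validity inspection idea above (grammar-driven generation, bit-level mutation, then a validity check with correction) can be illustrated with a small generate-mutate-check loop. The following is an added example, not code from the dissertation: the toy BNF for a one-line command format, the regular-expression validity oracle, and the greedy "undo flips until valid" correction are all constructed for this illustration. The paper's own pipeline instead translates samples to an intermediate language and judges format validity with a Naive Bayes classifier.

```python
import random
import re
from typing import Dict, List, Sequence, Tuple

# Constructed toy BNF (not the paper's grammar): a one-line command format
# such as b"SET 12,7\n". Keys are nonterminals, values are alternatives.
GRAMMAR: Dict[str, List[List[str]]] = {
    "<cmd>": [["<name>", " ", "<args>", "\n"]],
    "<name>": [["SET"], ["GET"], ["DEL"]],
    "<args>": [["<int>"], ["<int>", ",", "<args>"]],
    "<int>": [["<digit>"], ["<digit>", "<int>"]],
    "<digit>": [[d] for d in "0123456789"],
}

# Validity oracle for the same grammar (it happens to be a regular language).
VALID = re.compile(rb"(SET|GET|DEL) [0-9]+(,[0-9]+)*\n")


def is_valid(sample: bytes) -> bool:
    """True when the sample conforms to the toy format."""
    return VALID.fullmatch(sample) is not None


def generate(rng: random.Random, symbol: str = "<cmd>",
             depth: int = 0, max_depth: int = 8) -> bytes:
    """Random derivation from the grammar; forces termination at max_depth."""
    if symbol not in GRAMMAR:           # terminal symbol
        return symbol.encode()
    alts = GRAMMAR[symbol]
    if depth >= max_depth:              # pick the shortest rule to bottom out
        alts = [min(alts, key=len)]
    return b"".join(generate(rng, s, depth + 1, max_depth)
                    for s in rng.choice(alts))


def flip_bits(rng: random.Random, sample: bytes,
              n_flips: int) -> Tuple[bytes, List[Tuple[int, int]]]:
    """Bit-level mutation: flip n_flips random bits, recording (pos, bit)."""
    data, flips = bytearray(sample), []
    for _ in range(n_flips):
        pos, bit = rng.randrange(len(data)), rng.randrange(8)
        data[pos] ^= 1 << bit
        flips.append((pos, bit))
    return bytes(data), flips


def repair(mutated: bytes, flips: Sequence[Tuple[int, int]]) -> bytes:
    """Greedy correction: undo recorded flips one at a time until valid.

    Because undoing every flip restores the grammar-generated original,
    the result is always valid when the original was.
    """
    data = bytearray(mutated)
    for pos, bit in flips:
        if is_valid(bytes(data)):
            break
        data[pos] ^= 1 << bit
    return bytes(data)


def build_corpus(seed: int = 1, n: int = 32, n_flips: int = 2) -> dict:
    """Generate, mutate and correct n samples; report validity counts."""
    rng = random.Random(seed)
    stats = {"generated_valid": 0, "mutated_valid": 0,
             "corrected_valid": 0, "corpus": []}
    for _ in range(n):
        base = generate(rng)
        stats["generated_valid"] += is_valid(base)
        mutated, flips = flip_bits(rng, base, n_flips)
        stats["mutated_valid"] += is_valid(mutated)
        fixed = mutated if is_valid(mutated) else repair(mutated, flips)
        stats["corrected_valid"] += is_valid(fixed)
        stats["corpus"].append(fixed)
    return stats


if __name__ == "__main__":
    s = build_corpus()
    print({k: v for k, v in s.items() if k != "corpus"})
    print(s["corpus"][:5])
```

The point of the correction step is that mutated samples which fail the format check are not discarded but pulled back to the nearest valid neighbour, so the time spent on each execution is not wasted on inputs the target rejects in its first parsing stage.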
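The source code analysis pipeline described above (AST, candidate vulnerability syntax features, dependency slicing, normalization, vectorization) is shown below in miniature as an added example that is not part of the dissertation. It runs on Python source using the standard library `ast` module (Python 3.9 or newer for `ast.unparse`), whereas the original work targets virtual machine source code; the candidate-call list, the sample program and the slicing rule (backward data dependencies over simple assignments only, no control dependencies) are simplifications chosen for this illustration.

```python
import ast
import copy
import re
from typing import Dict, List, Set

# Constructed: call names treated as candidate vulnerability syntax features.
CANDIDATE_CALLS = {"memcpy", "strcpy", "sprintf", "system"}

# Constructed sample program; function and attribute names are illustrative.
SAMPLE_SOURCE = """
def handler(pkt, cfg):
    size = pkt.size
    tag = cfg.tag
    buf = alloc(size)
    memcpy(buf, pkt.data, size)
    log(tag)
    return buf
"""


def _loaded_names(node: ast.AST) -> Set[str]:
    """Identifiers that are read (not written) anywhere under `node`."""
    return {n.id for n in ast.walk(node)
            if isinstance(n, ast.Name) and isinstance(n.ctx, ast.Load)}


def extract_candidates(func: ast.FunctionDef) -> List[ast.Call]:
    """Traverse the function AST and collect calls to candidate functions."""
    return [n for n in ast.walk(func)
            if isinstance(n, ast.Call) and isinstance(n.func, ast.Name)
            and n.func.id in CANDIDATE_CALLS]


def backward_slice(func: ast.FunctionDef, call: ast.Call) -> List[ast.stmt]:
    """Backward data-dependency slice from `call` over simple assignments."""
    defs: Dict[str, ast.Assign] = {}
    for stmt in func.body:
        if isinstance(stmt, ast.Assign):
            for tgt in stmt.targets:
                if isinstance(tgt, ast.Name):
                    defs[tgt.id] = stmt
    worklist, seen = list(_loaded_names(call)), set()
    while worklist:                      # follow definitions transitively
        name = worklist.pop()
        if name in seen or name not in defs:
            continue
        seen.add(name)
        worklist.extend(_loaded_names(defs[name].value))
    keep = {id(defs[n]) for n in seen}
    return [s for s in func.body
            if id(s) in keep or any(n is call for n in ast.walk(s))]


class _Renamer(ast.NodeTransformer):
    """Rename variables to VAR_n in first-seen order; keep callee names."""

    def __init__(self, callees: Set[str]):
        self.callees, self.mapping = callees, {}

    def visit_Name(self, node: ast.Name) -> ast.Name:
        if node.id not in self.callees:
            node.id = self.mapping.setdefault(
                node.id, f"VAR_{len(self.mapping) + 1}")
        return node


def normalize(func: ast.FunctionDef, stmts: List[ast.stmt]) -> List[str]:
    """Normalized source lines for a slice, with variables abstracted."""
    callees = {n.func.id for n in ast.walk(func)
               if isinstance(n, ast.Call) and isinstance(n.func, ast.Name)}
    renamer = _Renamer(callees)
    return [ast.unparse(renamer.visit(copy.deepcopy(s))) for s in stmts]


def vectorize(lines: List[str], vocab: Dict[str, int]) -> List[int]:
    """Map the token sequence to integer ids, growing `vocab` as needed."""
    return [vocab.setdefault(tok, len(vocab))
            for tok in re.findall(r"\w+|[^\w\s]", " ".join(lines))]


def analyze(source: str) -> List[dict]:
    """AST -> candidate calls -> slice -> normalize -> integer vector."""
    tree, vocab, out = ast.parse(source), {}, []
    for func in ast.walk(tree):
        if not isinstance(func, ast.FunctionDef):
            continue
        for call in extract_candidates(func):
            lines = normalize(func, backward_slice(func, call))
            out.append({"function": func.name, "feature": call.func.id,
                        "slice": lines, "vector": vectorize(lines, vocab)})
    return out


if __name__ == "__main__":
    for item in analyze(SAMPLE_SOURCE):
        print(item["function"], item["feature"], item["slice"], item["vector"])
```

For the constructed sample the slice around `memcpy` keeps only the statements that feed its arguments (`size` and `buf`) and drops the unrelated `tag` logic, which is what lets a model trained on such vectors focus on the context that actually determines the call's safety.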