{"title":"基于Petri网的Shellshock Bash漏洞建模分析","authors":"Liumei Zhang, Xinyuan Deng, Yichuan Wang","doi":"10.1109/NaNA53684.2021.00049","DOIUrl":null,"url":null,"abstract":"The enhancement of Internet connectivity and the increase of information transmission speed yield the increasing frequency of network attacks. The Shellshock attackers often exploit bash vulnerability to read the content behind the function definition when importing environment variable functions. Then, malicious scripts can be executed in systems and servers, which compromises everything. Therefore, this paper proposes a formal modeling analysis method for the Shellshock Bash basis and automates the analysis of the patched position of the model. The relationship between the established model and the actual attack process is also discussed, which is a feasible reference for exploring unknown vulnerabilities and the location of corresponding patches.","PeriodicalId":414672,"journal":{"name":"2021 International Conference on Networking and Network Applications (NaNA)","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Shellshock Bash Vulnerability Modeling Analysis Based on Petri Net\",\"authors\":\"Liumei Zhang, Xinyuan Deng, Yichuan Wang\",\"doi\":\"10.1109/NaNA53684.2021.00049\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The enhancement of Internet connectivity and the increase of information transmission speed yield the increasing frequency of network attacks. The Shellshock attackers often exploit bash vulnerability to read the content behind the function definition when importing environment variable functions. Then, malicious scripts can be executed in systems and servers, which compromises everything. Therefore, this paper proposes a formal modeling analysis method for the Shellshock Bash basis and automates the analysis of the patched position of the model. The relationship between the established model and the actual attack process is also discussed, which is a feasible reference for exploring unknown vulnerabilities and the location of corresponding patches.\",\"PeriodicalId\":414672,\"journal\":{\"name\":\"2021 International Conference on Networking and Network Applications (NaNA)\",\"volume\":\"46 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 International Conference on Networking and Network Applications (NaNA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NaNA53684.2021.00049\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Networking and Network Applications (NaNA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NaNA53684.2021.00049","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Shellshock Bash Vulnerability Modeling Analysis Based on Petri Net
The enhancement of Internet connectivity and the increase of information transmission speed yield the increasing frequency of network attacks. The Shellshock attackers often exploit bash vulnerability to read the content behind the function definition when importing environment variable functions. Then, malicious scripts can be executed in systems and servers, which compromises everything. Therefore, this paper proposes a formal modeling analysis method for the Shellshock Bash basis and automates the analysis of the patched position of the model. The relationship between the established model and the actual attack process is also discussed, which is a feasible reference for exploring unknown vulnerabilities and the location of corresponding patches.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
