网络与信息安全学报 ›› 2017, Vol. 3 ›› Issue (9): 31-39.doi: 10.11959/j.issn.2096-109x.2017.00200

• 学术论文 • 上一篇    下一篇

基于结构特征的二进制代码安全缺陷分析模型

许团,屈蕾蕾(),石文昌   

  1. 中国人民大学信息学院,北京 100872
  • 修回日期:2017-08-13 出版日期:2017-09-01 发布日期:2017-10-18
  • 作者简介:许团(1973-),男,黑龙江鹤岗人,中国人民大学博士生,主要研究方向为信息安全。|屈蕾蕾(1995-),女,新疆乌鲁木齐人,中国人民大学博士生,主要研究方向为可信计算、云安全。|石文昌(1964-),男,广西浦北人,中国人民大学教授、博士生导师,主要研究方向为系统安全、可信计算与数字取证。
  • 基金资助:
    国家自然科学基金资助项目(61472429);北京市自然科学基金资助项目(4122041)

Analysis model of binary code security flaws based on structure characteristics

Tuan XU,Lei-lei QU(),Wen-chang SHI   

  1. School of Information,Renmin University of China,Beijing 100872,China
  • Revised:2017-08-13 Online:2017-09-01 Published:2017-10-18
  • Supported by:
    The National Natural Science Foundation of China(61472429);The Natural Science Foundation of Beijing(4122041)

摘要:

针对现有方法检测复杂结构二进制代码安全缺陷的不足,提出新的分析模型,并给出其应用方法。首先以缺陷的源代码元素集合生成特征元素集合,抽取代码结构信息,构建分析模型。然后依据各类中间表示(IR,intermediate representation)语句的统计概率计算分析模型,查找满足特征模型的IR代码组,通过IR代码与二进制代码的转换关系,实现对二进制程序中代码安全缺陷的有效检测。分析模型可应用于二进制单线程程序和并行程序。实验结果表明,相对于现有方法,应用该分析模型能够更全面深入地检测出各类结构复杂的二进制代码安全缺陷,且准确率更高。

关键词: 二进制分析, 分析模型, 软件安全缺陷检测, 缺陷代码识别

Abstract:

Aiming at the shortcomings of the existing methods to detect the security flaws that have complex structures,a new analysis model and its application method was proposed.First,analysis models based on key information of code structures extracted from path subsets of characteristic element sets that are generated by source code element sets of code security flaws were constructed.Then the analysis model according to the statistical probability of each kind of IR statement was calculated,and the IR code group which matched the feature model was found.Finally,through the translating relation between binary codes and IR codes,various code security flaws of binary program were found out.The analysis models can be applied to both common single-process binary programs and binary parallel programs.Experimental results show that compared with the existing methods,the application of the analysis model can be more comprehensive and in-depth in detecting various types of complex binary code security flaws with higher accuracy.

Key words: binary analysis, analysis model, software security detection, flaw code recognition

中图分类号: 

  • TP309.5