基于结构特征的二进制代码安全缺陷分析模型

doi:10.11959/j.issn.2096-109x.2017.00200

网络与信息安全学报 ›› 2017, Vol. 3 ›› Issue (9): 31-39.doi: 10.11959/j.issn.2096-109x.2017.00200

基于结构特征的二进制代码安全缺陷分析模型

许团,屈蕾蕾(),石文昌

中国人民大学信息学院，北京 100872

修回日期:2017-08-13 出版日期:2017-09-01 发布日期:2017-10-18
作者简介:许团（1973-），男，黑龙江鹤岗人，中国人民大学博士生，主要研究方向为信息安全。|屈蕾蕾（1995-），女，新疆乌鲁木齐人，中国人民大学博士生，主要研究方向为可信计算、云安全。|石文昌（1964-），男，广西浦北人，中国人民大学教授、博士生导师，主要研究方向为系统安全、可信计算与数字取证。
基金资助:
国家自然科学基金资助项目(61472429);北京市自然科学基金资助项目(4122041)

Analysis model of binary code security flaws based on structure characteristics

Tuan XU,Lei-lei QU(),Wen-chang SHI

School of Information,Renmin University of China,Beijing 100872,China

Revised:2017-08-13 Online:2017-09-01 Published:2017-10-18
Supported by:
The National Natural Science Foundation of China(61472429);The Natural Science Foundation of Beijing(4122041)

摘要/Abstract

摘要：

针对现有方法检测复杂结构二进制代码安全缺陷的不足，提出新的分析模型，并给出其应用方法。首先以缺陷的源代码元素集合生成特征元素集合，抽取代码结构信息，构建分析模型。然后依据各类中间表示（IR,intermediate representation）语句的统计概率计算分析模型，查找满足特征模型的IR代码组，通过IR代码与二进制代码的转换关系，实现对二进制程序中代码安全缺陷的有效检测。分析模型可应用于二进制单线程程序和并行程序。实验结果表明，相对于现有方法，应用该分析模型能够更全面深入地检测出各类结构复杂的二进制代码安全缺陷，且准确率更高。

关键词: 二进制分析, 分析模型, 软件安全缺陷检测, 缺陷代码识别

Abstract:

Aiming at the shortcomings of the existing methods to detect the security flaws that have complex structures,a new analysis model and its application method was proposed.First,analysis models based on key information of code structures extracted from path subsets of characteristic element sets that are generated by source code element sets of code security flaws were constructed.Then the analysis model according to the statistical probability of each kind of IR statement was calculated,and the IR code group which matched the feature model was found.Finally,through the translating relation between binary codes and IR codes,various code security flaws of binary program were found out.The analysis models can be applied to both common single-process binary programs and binary parallel programs.Experimental results show that compared with the existing methods,the application of the analysis model can be more comprehensive and in-depth in detecting various types of complex binary code security flaws with higher accuracy.

Key words: binary analysis, analysis model, software security detection, flaw code recognition

中图分类号:

TP309.5

许团,屈蕾蕾,石文昌. 基于结构特征的二进制代码安全缺陷分析模型[J]. 网络与信息安全学报, 2017, 3(9): 31-39.

Tuan XU,Lei-lei QU,Wen-chang SHI. Analysis model of binary code security flaws based on structure characteristics[J]. Chinese Journal of Network and Information Security, 2017, 3(9): 31-39.

图/表 7

图1

图2

表1

表2

表3

图3

图4

参考文献 17

[1]	LANDWEHR C E , BULL A R , MCDERMOTT J P ,et al. A taxonomy of computer program security flaws[J]. Computing Surveys , 1994,26(3): 211-254.
[2]	WEBER S , KARGER P A , PARADKAR A . A software flaw taxonomy:aiming tools at security[C]// The Workshop on Software Engineering for Secure Systems—Building Trustworthy Applications. 2005: 1-7.
[3]	HUI Z , HUANG S , REN Z ,et al. Review of software security defects taxonomy[C]// The 5th International Conference on Rough Set and Knowledge Technology,Lecture Notes in Computer Science. 2010: 310-321.
[4]	ZHANG B , FENG C , WU B ,et al. Detecting integer overflow in windows binary executables based on symbolic execution[C]// The 17th IEEE/ACIS International Conference on Software Engineering,Artificial Intelligence,Networking and Parallel/Distributed Computing. 2016: 385-390.
[5]	SIDIROGLOU-DOUSKOS S , LAHTINEN ERIC , RITTENHOUSE N ,et al. Targeted automatic integer overflow discovery using goal-directed conditional branch enforcement[C]// The Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems. 2015: 473-486.
[6]	YADEGARI B , STEPHENS J , DEBRAY S . Analysis of exception-based control transfers[C]// The Seventh ACM on Conference on Data and Application Security and Privacy. 2017: 205-216.
[7]	MING J , WU D , WANG J ,et al. StraightTaint:decoupled offline symbolic taint analysis[C]// The 31st IEEE/ACM International Conference on Automated Software Engineering. 2016: 308-319.
[8]	CHA S K , WOO M , BRUMLEY D . Program-adaptive mutational fuzzing[C]// The IEEE Symposium on Security and Privacy. 2015: 725-741.
[9]	PHAM V , B?HME M , ROYCHOUDHURY A . Model-based whitebox fuzzing for program binaries[C]// The 31st IEEE/ACM International Conference on Automated Software Engineering. 2016: 543-553.
[10]	The valgrind developers[EB/OL]. .
[11]	NETHERCOTE N , SEWARD J . Valgrind:a framework for heavyweight dynamic binary instrumentation[J]. ACM SIGPLAN Notices, 2007,42(6): 89-100.
[12]	[EB/OL]. .
[13]	HOLZMANN G J . The model checker SPIN[J]. IEEE Transactions on Software Engineering, 1997,23(5): 279-295.
[14]	BANG K , CHOI J , YOO C . Comments on “the model checker SPIN”[J]. IEEE Transactions on Software Engineering, 2001,27(6): 573-576.
[15]	BRéMOND-GRéGOIRE P , CHOI J , LEE I . A complete axiomatization of finite-state ACSR processes[J]. Information and Computation, 1997,138(2): 124-159.
[16]	The valgrind developers[EB/OL]. .
[17]	The valgrind developers[EB/OL]. .

二进制程序	同步算法	算法缺陷
B₁	算法1	竞争条件
B₂	算法2	竞争条件
B₃	算法3	无

地址	指令
0804872B	mov ds:r_want,1
08048761	mov eax,state
08048766	cmp eax,1
08048769	jz shortloc_8048777
08048813	mov ds:r_want,0
08048826	mov state,1
08048735	mov state,0
080487FE	move ax,ds:r_want
08048803	test eax,eax
08048805	jz shortloc_8048848
0804881D	mov eax,state
08048822	test eax,eax
08048824	jnz shortloc_804883C

地址	指令
0804872B	mov ds:r_want,1
08048761	mov eax,state
08048766	cmp eax,1
08048769	jz shortloc_8048777
08048813	mov ds:r_want,0
0804883E	mov state,1
08048735	mov state,0
080487FE	move ax,ds:r_want
08048803	test eax,eax
08048805	jz shortloc_8048860
08048835	mov eax,state
0804883A	test eax,eax
0804883C	jnz shortloc_8048854

基于结构特征的二进制代码安全缺陷分析模型

Analysis model of binary code security flaws based on structure characteristics

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 17

相关文章 7

Metrics

推荐阅读 0

[1]	郭京城,舒辉,熊小兵,康绯. 基于代码碎片化的软件保护技术[J]. 网络与信息安全学报, 2020, 6(6): 57-68.
[2]	超凡,杨智,杜学绘,孙彦. 基于深度神经网络的Android恶意软件检测方法[J]. 网络与信息安全学报, 2020, 6(5): 67-79.
[3]	腾金辉,光焱,舒辉,张冰. 基于流量分析的软件升级漏洞自动检测方法[J]. 网络与信息安全学报, 2020, 6(1): 94-108.
[4]	刘凡鸣,石伟. 基于区块链的ARP欺骗攻击防御方法[J]. 网络与信息安全学报, 2018, 4(9): 36-43.
[5]	肖达,刘博寒,崔宝江,王晓晨,张索星. 基于程序基因的恶意程序预测技术[J]. 网络与信息安全学报, 2018, 4(8): 21-30.
[6]	孙博文,黄炎裔,温俏琨,田斌,吴鹏,李祺. 基于静态多特征融合的恶意软件分类方法[J]. 网络与信息安全学报, 2017, 3(11): 68-76.
[7]	陈亚亮,戴沁芸,吴海燕,魏征. Mirai僵尸网络恶意程序分析和监测数据研究[J]. 网络与信息安全学报, 2017, 3(8): 35-43.