基于函数语义分析的软件补丁比对技术

doi:10.11959/j.issn.2096-109x.2019051

Abstract

Abstract:

Patch comparison provides support for software vulnerability,and structural comparison has been developed.Based on summarizing binary files comparison and anti-comparison methods,comparison technology was proposed by semantic analysis on function to address the issue that structural comparison cannot carry on semantic analysis.Through traditional structural comparison,syntax differences in function-level were analyzed to find the maximum common subgraph.Then,the path cluster was built between the input and output of the function depend on program dependency analysis.Function output characteristics was established based on symbolic execution.Semantic differences of functions were compared by functional summaries.Based on the maximum isomorphic subgraph,the matched functions which there are possible semantic changes between was further analyzed.Ultimately,the experimental results showed the feasibility and advantages of the proposed method.

Key words: vulnerability analysis, patch comparison, symbolic execution, semantic analysis

CLC Number:

TP393

Yan CAO, Long LIU, Yu WANG, Qingxian WANG. Software patch comparison technology through semantic analysis on function[J]. Chinese Journal of Network and Information Security, 2019, 5(5): 56-63.

Figures/Tables 9

文件名	工具	漏洞/修补函数对x	M_C函数对y	$\frac{x}{y}$ 的比值
CVE-20063439	SymDiff	1	7	14.3%
	PatchDiff2	1	7	14.3%
CVE-20084205	SymDiff	1	2	50%
	PatchDiff2	1	3	33.3%
CVE-20102746	SymDiff	1	2	50%
	PatchDiff2	1	3	33.3%
CVE-20176178	SymDiff	5	6	83.3%
	PatchDiff2	5	8	62.5%

References 17

[1]	WANG Z , PIERCE K , MCFARLING S . BMAT-a binary matching tool for stale profile propagation[J]. The Journal of Instruction-Level Parallelism (JILP), 2000,2: 1-20.
[2]	FLAKE H , . Structural comparison of executable objects[C]// Dortmund GI SIG SIDAR Workshop, 2004.
[3]	潘璠, 吴礼发, 孙传鲁 ,等. 一种改进的补丁比较模型的研究与实现[J]. 南京邮电大学学报（自然科学版）, 2012,32(2): 75-83.
	PAN F , WU L F , SUN C L ,et al. Research and implementation of an improved patch comparison technique[J]. Journal of Nanjing University of Posts and Telecommunications(Natural Science), 2012,32(2): 75-83.
[4]	肖雅娟 . 二进制代码函数相似度匹配技术研究[D]. 济南:山东大学, 2016.
	XIAO Y J . Research on similarity matching technology of binary code function[M]. Jinan:Shandong University. 2016.
[5]	LIU B C , BINGCHANG L , WEI H , CHAO Z ,et al. α Diff:cross-version binary code similarity detection with DNN[C]// IEEE ACM Automated Software Engineering (ASE’18). 2018.
[6]	XU X J , LIU C , FENG Q ,et al. Neural network-based graph embedding for cross-platform binary code similarity detection[C]// The 2017 ACM SIGSAC Conference on Computer and Communications Security. 2017.
[7]	王欣, 郭涛, 董国伟 ,等. 基于补丁比对的Concolic测试方法[J]. 清华大学学报（自然科学版）, 2013,53(12): 1737-1742.
	WANG X , GUO T , DONG G W ,et al. Concolic test method based on patch matching[J]. Journal of Tsinghua University(Science and Technology), 2013,53(12): 1737-1742.
[8]	王嘉捷, 郭涛, 张普含 ,等. 基于软件代码差异分析的智能模糊测试[J]. 清华大学学报（自然科学版）, 2013,53(12): 1726-1730.
	WANG J J , GUO T , ZHANG P H ,et al. Intelligent fuzzy test based on software code difference analysis[J]. Journal of Tsinghua University(Science and Technology), 2013,53(12): 1726-1730.
[9]	SHAHZAD M , SHAFIQ M Z , LIU A.X . A large scale exploratory analysis of software vulnerability life cycles[C]// International Conference on Software Engineering. 2012: 771-781.
[10]	FREI S , MAY M , FIEDLER U ,et al. Large-scale vulnerability analysis[C]// SIGCOMM Workshop on Large-Scale Attack Defense. 2006: 131-138.
[11]	BRUMLEY D , POOSANKAM P , SONG D ,et al. Automatic patch-based exploit generation is possible:techniques and implication[C]// Security ＆ Privac. 2008.
[12]	AVERY J , SPAFFORD E H . Ghost patches:fake patches for fake vulnerabilities[C]// International Conference on ICT Systems Security and Privacy Protection. 2017: 399-412.
[13]	JEONG W O , CHEN S . Binary and anti-binary comparison[C]// XCon Information Security Conference. 2013: 1-27.
[14]	DEBIN G , MICHAEL K R , DAWN S . BinHunt:automatically finding semantic differences in binary programs[C]// The 10th International Conference on Information and Communications Security. 2008.
[15]	LANNAN L , JIANG M , DINGHAO W ,et al. Semantics-based obfuscation-resilient binary code similarity comparison with applications to software plagiarism detection[J]. IEEE Transactions on Software Engineering, 2017,43(12): 1157-1177.
[16]	ZHENG Z X , BIHUAN C , MAHINTHAN C , LIU Y ,et al. SPAIN:security patch analysis for binaries towards understanding the pain and pills[C]// The 39th International Conference on Software Engineering. 2017.
[17]	CAO Y , WEI Q , WANG Q X . Research on parallel symbolic execution through program dependence analysis[C]// The Fifth International Symposium on Computational Intelligence and Design. 2012: 222-226.

Metrics

Recommended 0

No Suggested Reading articles found!

工具名称	来源
SymDiff	自主研发
PatchDiff2	由Tenable Network Security发布的免费比对工具

文件类型	文件名称	版本
原文件	netapi32.dll	5.00.2195.6949
补丁文件		5.00.2195.7105

文件类型	文件名称	版本
原文件	netapi32.dll	5.1.2600.2180
补丁文件		5.1.2600.2952

文件类型	文件名称	版本
原文件	comctl32.dll	6.00.2900.5512
补丁文件		6.00.2900.6028

文件类型	文件名称	版本
原文件	USBPcap.sys	1.0.0.7
补丁文件		1.2.0.1

Software patch comparison technology through semantic analysis on function

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 17

Related Articles 6

Metrics

Recommended 0

[1]	Yuqiang XIAO, Yunfei GUO, Yawen WANG. Metrics for code obfuscation based on symbolic execution and N-scope complexity [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 123-134.
[2]	Xieli ZHANG, Yuefei ZHU, Chunxiang GU, Xi CHEN. Security protocol code analysis method combining model learning and symbolic execution [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 93-104.
[3]	Pu GENG,Yuefei ZHU. Research on construction of conditional exception code used in branch obfuscation [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 25-34.
[4]	Hui-ying YAN,Zhen-ji ZHOU,Li-fa WU,Zheng HONG,He SUN. Symbolic execution based control flow graph extraction method for Android native codes [J]. Chinese Journal of Network and Information Security, 2017, 3(7): 33-46.
[5]	Peng-hui ZHANG,Xi TIAN,Kang-wei LOU. Firmware vulnerability analysis based on formal verification of software and hardware [J]. Chinese Journal of Network and Information Security, 2016, 2(7): 59-68.
[6]	De-guang LE,Liang ZHANG,Sheng-rong GONG,Li-xin ZHENG,Shao-gang WU. Research on OLE object vulnerability analysis for RTF file [J]. Chinese Journal of Network and Information Security, 2016, 2(1): 34-45.