| Software vulnerabilities will increase the network security incidents,in the past ten years,source detection has attracted wide attention from security researchers and has achieved a lot of source vulnerability detection tool,and also the detection effect is obvious.In recent years,a variety of commercial software frequently broke the vulnerabilities,seriously affecting the safety of enterprises,so the third party application security has been more and more attention.Compared with the high-level language vulnerability detection,binary code lack of program attribute information and machine code instructions are more difficult to understand than the high-level language,so the detection of binary code is more difficult,so the current domestic and foreign research is still in the initial stage.In the existing method of binary code vulnerability detection,the dynamic detection is run-tine checking,often need to consume a large number of CPU resources,and low degree of automation.Compared with dynamic detection,static detection does not need to execute the program,but through the simulation program execution flow to traverse the code,can detect all of the program path and the vulnerabilities before the program execution,also static detection does not produce run-time cost,so has high degree of automation.In this paper,we use the static analysis method to analyze the semantics of modern processor instruction set.Convert the binary code into an intermediate representation language which is easier to understand and analyze,and then apply the source code analysis technique to detect the converted intermediate representation language.In view the shortcomings of the existing intermediate representation language,this paper redesigns an intermediate representation language which is more easily to analyze,and then uses this intermediate language as the detection target,abstract interpretation theory as a detection method,apply abstract domain hierarchical method to improve the detection accuracy,finally we achieved the binary code vulnerability detection system Binana.Binana can detect applications including Windows,Linux,and ARM platform orcore component vulnerabilities,now has been verified a large number of known vulnerabilities and also found 1 0day vulnerability.In addition,in this paper we use Binana as an auxiliary analysis tools to static analysis the large-scale application software and then detect large-scale program vulnerabilities.In the end,this paper verifies the effectiveness and practicability of the Binana system by detecting the different types of RTF document vulnerabilities and then comparing with the existing methods or tools. |
PDF Full Text Request