
Research On Automatic Binary Software Vulnerabilities Detection Technique Under Windows

Posted on: 2017-03-23
Degree: Master
Type: Thesis
Country: China
Candidate: X Zhang
GTID: 2428330569998553
Subject: Information and Communication Engineering
Abstract/Summary:
Automatic vulnerability detection for binary software has long been a hot research field in software security abroad. Major research institutions invest a great deal of money and manpower every year to improve the efficiency, accuracy, coverage and speed of vulnerability detection, in order to find large numbers of unknown vulnerabilities in the mainstream operating systems, application software, network protocols and so on that make up cyberspace, in support of network confrontation activities. However, the system-level vulnerability detection systems popular at present are slow to adapt to new systems and suffer from low efficiency, so research on process-level vulnerability detection systems has become an urgent problem to study and solve. This thesis studies a binary software vulnerability detection method based on offline symbolic execution. The main research contents and results are as follows:

(1) A coarse localization method for functions at risk of buffer overflow, based on static analysis. For typical buffer overflow vulnerabilities such as stack overflow and heap overflow, the thesis analyzes how these vulnerabilities manifest and behave at the binary level, and then uses static taint analysis to coarsely locate the custom functions in the program that carry a buffer overflow risk. Experiments show that the method has high accuracy.

(2) A buffer overflow vulnerability detection method for Windows based on offline symbolic execution. Static analysis and dynamic analysis are combined to narrow down the key fields of the test cases that need to be analyzed, improving the effectiveness and efficiency of the offline symbolic execution constraints. At the same time, in line with the characteristics of offline symbolic execution, execution along a specified path based on offline symbolic execution is designed. On this basis, and according to the characteristics of the Windows stack structure, fast detection algorithms for stack overflow and heap overflow vulnerabilities on the Windows platform are proposed, achieving accurate and efficient buffer overflow detection.

(3) Design and implementation of SymbolicWin, a process-level vulnerability detection system for Windows. The structure of FuzzWin, a Windows fuzz testing tool based on offline symbolic execution, is studied and its defects are analyzed. The SymbolicWin vulnerability detection system is then designed; it differs from the traditional shadow memory method, and the system's vulnerability detection method is presented. The experimental results show that the process-level vulnerability detection system based on SymbolicWin can detect buffer overflow vulnerabilities under Windows.
Keywords/Search Tags:Windows, Vulnerability Detection, Offline Symbolic Execution, Static Analysis, Dynamic Taint Analysis