Design And Implementation Of A Vulnerability Detection System Based On Taint Value Range Propagation Analysis

Posted on: 2022-11-04
Degree: Master
Type: Thesis
Country: China
Candidate: X R Chen
GTID: 2518306752959109
Subject: Computer technology

Abstract/Summary:
As the Internet environment becomes increasingly complex, network security has a growing influence on people's daily lives. Research on vulnerability detection in system software is therefore of great significance to the security of China's software systems, and can further promote the technical development of China's vulnerability analysis field and enhance China's vulnerability mining capability. To address the imperfect technical support for basic analysis and the high false alarm rate of current mainstream static vulnerability detection methods, this paper designs a vulnerability detection method based on taint value range propagation analysis. The method identifies harmless processing (sanitization) more accurately through semantic analysis, then combines data flow analysis and abstract interpretation to perform cross-function variable value range analysis. Finally, it combines the identification and analysis of data security checks to realize an automated vulnerability detection solution. The research content and innovations of this paper are as follows.

(1) A sanitizer identification method based on semantic analysis is proposed. Sanitizer identification in current taint analysis methods is simplistic; for example, the sanitizer set contains only function-level entries. We combine natural semantics and program semantics to design a more accurate identification method, which automatically identifies a more comprehensive set of function-level sanitizers through natural semantic syllogism methods and then analyzes the semantics of the program to identify statement-level sanitizers. Experiments show that the method can effectively, quickly, completely, and automatically identify the sanitizers in programs.

(2) A value range analysis method based on data flow analysis and abstract interpretation is proposed. Considering the inaccurate value range analysis and the lack of cross-function analysis in existing methods, this paper uses path-sensitive data flow analysis to analyze two different variable transfer cases, intra-procedural and inter-procedural calls, to obtain function calls and data dependencies, and combines abstract interpretation to solve variable value ranges. Experiments show that the method provides accurate and efficient value range transfer analysis for variables of multiple types and across functions.

(3) A vulnerability detection method based on taint value range propagation analysis is proposed. Building on the harmless processing identification and cross-function value range analysis described above, a taint attribute quadruplet <Source, Sink, Sanitizer, Range> is used to characterize the program security state. Starting from the data input point, the method analyzes the program call chain and data propagation chain to determine whether security checks on dangerous variables are missing or irregular in a particular program fragment. In addition, the method analyzes the validity of vulnerability trigger points to find true security flaws in the program. Experiments show that the method can accurately detect security flaws in programs and has high analysis performance, which makes it suitable for analyzing large systems.

The research in this paper is based on practical project requirements. The results have been successfully presented at international academic conferences such as the International Conference on Trust, Security and Privacy in Computing and Communication (TrustCom 2021) and the International Symposium on the Application of Intelligent Technologies in Security (AITS 2021). In addition, during the analysis of the Linux kernel source code, the results of this paper verified 23 fixed issues and identified 14 new security issues.
Keywords/Search Tags: Vulnerability Detection, Data Flow Analysis, Taint Analysis, Range Analysis
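
An added illustration (not the thesis's implementation) of how a <Source, Sink, Sanitizer, Range> finding can arise: taint and an integer interval are propagated along one program path, and branch guards act as statement-level sanitizers that narrow the interval. The path encoding, the `Val` record and the `read()`/`buf` names are assumptions made for this example.

```python
from dataclasses import dataclass
INF = float("inf")

@dataclass(frozen=True)
class Val:
    lo: float = -INF
    hi: float = INF
    source: str = ""      # non-empty: tainted by that input point
    checks: tuple = ()    # statement-level sanitizers seen on this path

def refine(v, op, c):
    """Narrow v by a guard `v op c` that holds on this path (integers)."""
    lo, hi = v.lo, v.hi
    if op == "<":
        hi = min(hi, c - 1)
    elif op == "<=":
        hi = min(hi, c)
    elif op == ">":
        lo = max(lo, c + 1)
    elif op == ">=":
        lo = max(lo, c)
    else:
        raise ValueError(f"unsupported guard {op!r}")
    return Val(lo, hi, v.source, v.checks + (f"{op}{c}",))

def analyze(path):
    """Return a (source, sink, sanitizers, (lo, hi)) tuple per unsafe sink."""
    env, findings = {}, []
    for op, *a in path:
        if op == "source":        # a = (var, input point)
            env[a[0]] = Val(source=a[1])
        elif op == "add":         # a = (dst, src, const): dst = src + const
            s = env[a[1]]
            env[a[0]] = Val(s.lo + a[2], s.hi + a[2], s.source, s.checks)
        elif op == "assume":      # a = (var, cmp, const): guard taken
            env[a[0]] = refine(env[a[0]], a[1], a[2])
            if env[a[0]].lo > env[a[0]].hi:
                break             # contradictory guards: path is infeasible
        elif op == "sink":        # a = (array, index var, element count)
            v = env[a[1]]
            if v.source and (v.lo < 0 or v.hi > a[2] - 1):
                findings.append((v.source, a[0], v.checks, (v.lo, v.hi)))
    return findings

# Constructed paths: a 16-element buffer indexed by untrusted input.
SRC, SINK = ("source", "idx", "read()"), ("sink", "buf", "idx", 16)
UPPER_ONLY = [SRC, ("assume", "idx", "<", 16), SINK]
FULL_CHECK = [SRC, ("assume", "idx", ">=", 0), ("assume", "idx", "<", 16), SINK]
SHIFTED = FULL_CHECK[:3] + [("add", "j", "idx", 4), ("sink", "buf", "j", 16)]
print(analyze(UPPER_ONLY), analyze(FULL_CHECK), analyze(SHIFTED), sep="\n")
```

The upper-bound-only path is reported because the range still admits negative indices, and the shifted path is reported because a complete check on `idx` does not bound `idx + 4`.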