
Program Analysis For Logic Vulnerability Detection And Software Behavior Analysis

Posted on: 2019-06-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: B Y He
GTID: 1368330548977389
Subject: Computer Science and Technology
Abstract/Summary:
The rapid development of computer and Internet technology has witnessed a revolution in computer software. Software has evolved significantly, from stand-alone software in the PC era decades ago, to distributed software in the Internet era a few years ago, and to cloud services in the cloud computing era today. The application of computer software has gained unprecedented popularity, and software has become an important part of the infrastructure of modern society, impacting our daily life in many ways. However, the enrichment of features inevitably results in a significant increase in the scale and complexity of software, which greatly challenges the effectiveness of existing program analysis approaches in the analysis of software reliability and security.

Program analysis is the process of automatically analyzing the behavior of computer programs with regard to a property such as correctness, robustness or security. At present, program analysis techniques are widely used in software development and testing, and play an important role in improving the quality of software. In general, there are the following three unresolved issues in the application of existing program analysis techniques to software reliability and security analysis.

1. Complex vulnerability detection in very large programs. The essence of software vulnerabilities is logic defects in code, resulting from many factors such as software design and implementation, hardware architecture and runtime environment. As a result, existing approaches still have many limitations in the automated, large-scale detection of complex vulnerabilities, especially logic vulnerabilities. Since logic vulnerabilities are usually related to specific functions of the software, they are more difficult to detect with pre-defined signatures. In this situation, it is very important to design an accurate and efficient detection approach for logic vulnerabilities that can be applied to ultra-large-scale software.

2. Large-scale behavior analysis for heterogeneous third-party plug-ins in software. With the rise of the mobile Internet in recent years, and influenced by the concept of SaaS (Software-as-a-Service), software plug-ins have become popular. The number of software vendors who provide their products to mobile developers in the form of third-party plug-ins has greatly increased. Considering the differences in structure and function between third-party plug-ins and the software itself, existing approaches often lack effectiveness in analyzing the behavior of such heterogeneous plug-ins. As a result, it is crucial to provide fine-grained and large-scale behavior analysis for heterogeneous third-party software plug-ins.

3. The completeness and soundness of behavior analysis approaches in complex software. Mobile applications are increasingly popular today. On one hand, the extensive application of code obfuscation and dynamic code loading techniques in mobile apps poses a great challenge to many existing static analysis approaches. On the other hand, the increasing complexity of user interface interaction logic also greatly limits the effectiveness of many existing dynamic analysis approaches. Consequently, it is very important to provide accurate, efficient and scalable behavior analysis with high code coverage for complex mobile applications.

For the three unresolved issues above, this paper carries out the following research:

1. In this paper, we propose a novel approach for accurate, efficient and large-scale logic vulnerability detection in very large programs by leveraging the program dependence graph and existing graph mining techniques. Furthermore, we design and implement an automated logic vulnerability detection system based on software API patterns, which can be applied to software on different platforms or architectures. In all, our system successfully detects 38 0-day logic vulnerabilities during a large-scale experiment, which proves the effectiveness of our approach.

2. To overcome the limitations of existing approaches in analyzing the behavior of third-party heterogeneous plug-ins, we analyze the third-party ad networks for mobile applications with a fine-grained static approach based on advertising API calls. Moreover, we find the preferences of both developers and users for different third-party ad networks in mobile applications. Our results show that most developers are cautious about the use of third-party ad networks in their mobile applications, because excessive or inappropriate advertising behavior could anger users, leading to a decrease in developers' advertising revenue.

3. In this paper, we propose a hybrid approach for Android application behavior analysis based on call graphs. Our approach makes it possible to maintain the advantages of both static and dynamic analysis without suffering from their disadvantages, and can accurately and effectively analyze the behavior of an application that tries to obfuscate or hide its code, thereby improving the reliability and security of mobile applications. Our results show that code coverage and accuracy improve significantly with our approach, compared to simply using static or dynamic approaches.
Keywords/Search Tags: Program Analysis, Vulnerability Detection, Software Behavior Analysis, SSL/TLS, Mobile Advertising, Android Applications