
Binary Code Security Analysis

Posted on: 2011-04-11
Degree: Master
Type: Thesis
Country: China
Candidate: C J Li
Full Text: PDF
GTID: 2208360308455365
Subject: Computer software and theory
Abstract/Summary:
Code security plays a very important role in the security of computer systems. Many analysis techniques and methods based on source code exist today and have done well at improving software code security. However, much commercial software is closed source, and source code analysis techniques lose their power in this situation. Because binary code may be the only available form of the software, analysis techniques based on binary code become more important.

In this paper, we compare the analysis techniques and tools based on source code with those based on binary code, and try to find the reason why source code analysis emphasizes static analysis while binary code analysis gives dynamic analysis a more important position. We also describe the challenges of binary code analysis and the corresponding techniques that address them. Popular tools such as Pin, BitBlaze and Valgrind, and the analysis techniques they adopt, are also introduced. We further describe how high-level semantic structures such as buffers and pointers, and popular bug patterns, are represented in binary code. Based on the analysis flaws of popular techniques such as dynamic analysis and dynamic fuzzing in binary code security analysis, this paper proposes a new technique for analyzing binary code that uses symbolic execution with constraint solving, which is widely used in source code analysis.

Binary code analysis for security has many problems. It is difficult to deduce the representation of bug patterns in binary code, especially the accurate size of a buffer on the stack. The loss of precision when lifting the code prevents accurate analysis.

A prototype tool named bats (Binary Analysis Tool for Security) was implemented using dynamic symbolic analysis. The experimental results suggest that it is practical to combine dynamic analysis and symbolic execution for binary code analysis. Adopting symbolic execution in binary code analysis is useful for reducing the false-negative rate of dynamic fuzzing.
Keywords/Search Tags: binary code analysis, symbolic execution, code security, software security