
Research On A Code Analysis Tool Based On Dynamic Symbolic Execution

Posted on: 2013-01-09
Degree: Master
Type: Thesis
Country: China
Candidate: B Z Ding
Full Text: PDF
GTID: 2218330362459436
Subject: Software engineering
Abstract/Summary:
With the development of computer science and the arrival of the Internet era, software security has become especially prominent, and software security analysis has taken on unprecedented importance. Code security analysis finds potential vulnerabilities in a target program so that they can be repaired, which lets the program run at a higher level of security.

Code analysis is generally divided into two types: static analysis and dynamic analysis. Static analysis does not run the program and therefore tends to have a relatively high false positive rate. Dynamic analysis executes the program and decides from the current run-time state whether a potential vulnerability is actually triggered, which lowers the false positive rate; however, a single execution cannot reflect all possible behavior of the software. Symbolic execution can generate multiple inputs for the program that drive it down different control paths, and so improves the code coverage of the analysis to a certain extent.

In this thesis we take binary executable programs as the analysis object and propose a binary code analysis method based on dynamic symbolic execution. It dynamically monitors the run-time information of the binary and detects potential vulnerabilities in it. Because the information obtained reflects the true behavior of the program, this dynamic analysis effectively reduces the false positive rate. Dynamic symbolic execution collects the path constraints during the execution of the program; a new set of constraints is then generated according to a path traversal algorithm, and constraint solving constructs a new input that drives the program down a new control path, thereby increasing the code coverage of the analysis.

Based on this method we design and implement a prototype code analysis tool, DSE-BAT. The tool consists mainly of a binary code analysis module and a dynamic symbolic execution module. The binary code analysis module performs the security analysis during the actual execution of the program, which effectively reduces the false positive rate. The dynamic symbolic execution module generates multiple inputs that drive the program down different control paths, achieving high code coverage and effectively reducing the false negative rate. To verify the effectiveness of the proposed method, we evaluate the DSE-BAT prototype: a functional test confirms the correctness of its analysis process, a buffer overflow vulnerability instance tests its ability to find potential vulnerabilities, and a basic block coverage measurement reaches up to 80%. These tests show that the proposed method and tool achieve their goal.
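The collect-negate-solve loop the abstract describes, as an added example that is not code from the thesis or from DSE-BAT. The target program, its basic-block names, the generational search order and the per-byte enumeration solver are assumptions made here: DSE-BAT instruments a real binary and would hand the collected path constraints to a proper constraint solver.

```python
# Toy concolic (dynamic symbolic execution) loop. Added illustration, not code
# from the thesis or DSE-BAT; target program and solver are stand-ins.
from dataclasses import dataclass
import operator

OPS = {"==": operator.eq, "!=": operator.ne, "<": operator.lt,
       "<=": operator.le, ">": operator.gt, ">=": operator.ge}
NEGATE = {"==": "!=", "!=": "==", "<": ">=", ">=": "<", ">": "<=", "<=": ">"}

@dataclass(frozen=True)
class Constraint:
    """One branch condition on one input byte, e.g. in[1] > 0x7f."""
    index: int
    op: str
    value: int
    def holds(self, byte):
        return OPS[self.op](byte, self.value)
    def negated(self):
        return Constraint(self.index, NEGATE[self.op], self.value)

class Trace:
    """Per-execution record: the path condition and the basic blocks reached."""
    def __init__(self):
        self.path, self.blocks = [], set()
    def block(self, name):
        self.blocks.add(name)

class SymByte:
    """Concrete input byte that logs every comparison made on it."""
    def __init__(self, trace, index, value):
        self.trace, self.index, self.value = trace, index, value

    def _cmp(self, op, other):
        c = Constraint(self.index, op, other)
        taken = c.holds(self.value)
        self.trace.path.append(c if taken else c.negated())  # form true on this run
        return taken

    def __eq__(self, o): return self._cmp("==", o)
    def __ne__(self, o): return self._cmp("!=", o)
    def __lt__(self, o): return self._cmp("<", o)
    def __le__(self, o): return self._cmp("<=", o)
    def __gt__(self, o): return self._cmp(">", o)
    def __ge__(self, o): return self._cmp(">=", o)

ALL_BLOCKS = {"entry", "nomagic", "magic", "low", "high", "ok", "bug"}

def target(inp, t):
    """Constructed program under test; its deepest block stands in for the overflow trigger."""
    t.block("entry")
    if inp[0] != 0x42:            # magic byte 'B'
        t.block("nomagic")
        return "reject"
    t.block("magic")
    if inp[1] > 0x7F:             # length field with the high bit set
        t.block("high")
        if inp[2] == 0x42:
            t.block("bug")        # assumed vulnerable path
            return "overflow"
        t.block("ok")
        return "accept"
    t.block("low")
    return "accept"

def run(inp):
    t = Trace()   # execute concretely while collecting the path constraints
    return target([SymByte(t, i, b) for i, b in enumerate(inp)], t), t

def solve(constraints, seed):
    """Toy solver: each byte enumerated on its own (every constraint names one
    byte); unconstrained bytes keep the seed value; None if unsatisfiable."""
    out = bytearray(seed)
    for i in range(len(seed)):
        relevant = [c for c in constraints if c.index == i]
        if not relevant:
            continue
        for v in range(256):
            if all(c.holds(v) for c in relevant):
                out[i] = v
                break
        else:
            return None
    return bytes(out)

def explore(seed, max_runs=64):
    """Generational search: negate each branch at or past the depth that produced
    this input (earlier flips were tried by the parent), solve, rerun, repeat."""
    worklist, seen = [(seed, 0)], {seed}
    covered, bug_inputs, runs = set(), [], 0
    while worklist and runs < max_runs:
        inp, bound = worklist.pop(0)
        result, t = run(inp)
        runs += 1
        covered |= t.blocks
        if result == "overflow":
            bug_inputs.append(inp)
        for k in range(bound, len(t.path)):
            new = solve(t.path[:k] + [t.path[k].negated()], inp)
            if new is not None and new not in seen:
                seen.add(new)
                worklist.append((new, k + 1))
    return {"runs": runs, "covered": covered,
            "coverage": len(covered) / len(ALL_BLOCKS), "bug_inputs": bug_inputs}

if __name__ == "__main__":
    r = explore(b"AAA")
    print(f"{r['runs']} runs, block coverage {r['coverage']:.0%}, "
          f"overflow inputs: {r['bug_inputs']}")
```

Seeded with b"AAA", the loop needs four executions to reach every block, including the one standing in for the overflow, and the returned dictionary reports basic block coverage the way the abstract measures it (blocks reached over blocks known). The solver is the part that does not generalize: constraints that relate several bytes, or that involve arithmetic on them, need the SMT solver a real dynamic symbolic execution engine calls.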
Keywords/Search Tags: Binary code analysis, Dynamic symbolic execution, Code instrumentation