
Attack Diagnosis On Binary Executables Using Dynamic Program Slicing

Posted on: 2013-02-25
Degree: Master
Type: Thesis
Country: China
Candidate: S Huang
GTID: 2218330362459447
Subject: Software engineering
Abstract/Summary:
With the rapid development of computer technology, software of many kinds affects people's work and daily life more and more deeply. However, programs in practical use are often complex and large in scale, so analyzing and debugging them is not as easy as one might expect, and it is quite difficult to diagnose attacks and find vulnerabilities in them. Most software security issues stem from design flaws. Finding potential vulnerabilities and diagnosing software attacks in time therefore greatly reduces the risk and cost of malicious software attacks.

Program slicing has been proved to be an effective approach to finding vulnerabilities and diagnosing software attacks. It has also become a popular and effective method for program comprehension, since it greatly reduces the scope of analysis and drops useless code that does not influence the final result. Generally, there are two ways to implement the technique: the static way and the dynamic way. The static way has high overhead and low runtime efficiency because it must load the whole target program when doing the slice analysis. It is also not very precise, since it cannot obtain accurate values, which are available only while the target program is actually running. The program slicer that I designed and implemented in this paper uses the dynamic method to overcome the shortcomings of static analysis, and it produces precise slicing results with high efficiency and low overhead.

Since dynamic program slicing was proposed, there has been much research in this field. However, most existing dynamic slicing tools perform slicing at the source code level, and source code is not easy to obtain in practice, which makes source-level dynamic slicing impractical. To address this, this paper proposes and implements a dynamic program slicer that works on binary programs. The slicer performs dynamic slicing analysis directly on the binary executables of target programs, which greatly expands the scope in which the dynamic program slicing technique can be used.

My research work and contributions mainly include the following points:

1) Combine dynamic program slicing with binary analysis to provide a dynamic binary program slicing technique that improves efficiency and reduces overhead.
2) Put forward the idea of using dynamic binary program slicing to discover software vulnerabilities and diagnose attacks, and demonstrate the feasibility of this approach in experiments.
3) Organize the slicing result by function CG (Call Graph) and CFG (Control Flow Graph) to make it hierarchical and structured.
4) Add two optimizations to the tool, Basic Block Execution and Function Filtering, to simplify the slicing process and greatly improve analysis efficiency.

The experiments prove that the dynamic binary program slicer can not only finish dynamic slicing tasks efficiently and accurately, but can also diagnose true software attacks and explore potential vulnerabilities. Thanks to the two optimizations, the overhead of my dynamic binary slicer is only 1.41 times, which is much lower than that of other similar analysis systems.
Keywords/Search Tags:Dynamic program slicing, binary analysis, attack diagnosis, potential vulnerabilities exploring