Research On Binary-Code-Oriented Vulnerability Detection

Posted on: 2014-01-25
Degree: Master
Type: Thesis
Country: China
Candidate: K Kang
GTID: 2248330398471989
Subject: Information security

Abstract/Summary:
With the development of information technology, software plays an important role in many areas such as the economy, medicine, and national defense. Security, a basic property of information systems, therefore affects national welfare and people's livelihood. In recent years many software vendors have actively adopted the Security Development Lifecycle proposed by Microsoft, and more and more programmers have developed a sense of secure coding. However, the complexity of software and the sheer amount of code mean that vulnerabilities cannot be completely eliminated. This undoubtedly gives attackers opportunities, and networks face severe threats from Advanced Persistent Threats launched by exploiting software vulnerabilities. Discovering vulnerabilities as early as possible and patching them in time enhances not only personal information security but also national security, so bug hunting is one of the topics of greatest interest in security research.

Vulnerability discovery techniques fall into two kinds: source-code-oriented vulnerability detection and binary-code-oriented vulnerability detection. Many software vendors do not release source code with their products, for reasons of commercial interest and intellectual property. In addition, improper compiler optimization can generate defective binary code during compilation. For these reasons, binary-code-oriented detection is the mainstream method. Compared with source-code-oriented vulnerability detection, binary-code-oriented vulnerability detection faces the following challenges:

Lack of information: although assembly code can be obtained by disassembling the binary file, information such as variable data types, data structures, and syntactic and semantic information is still missing. Indirect jumps and pointer aliasing in particular make binary code analysis harder.

The complexity of the x86 instruction set: there are various types of instructions in the x86 instruction set, and different instructions have different numbers of operands. Moreover, a single instruction usually has an effect on multiple operands.

This dissertation focuses on binary-executable-oriented vulnerability detection techniques and studies the following issues in depth: (1) the development technique of plugins for the binary instrumentation framework PIN; (2) the optimization of fuzzing test case sets based on PIN; (3) the formal description of vulnerability patterns based on XML; (4) offline fine-grained taint analysis technique; (5) the design and implementation.
Keywords/Search Tags: binary-code-oriented, vulnerability detection, taint analysis, smart fuzzing