
Binary Oriented Vulnerability Detecting Methods Based On Taint Propagation

Posted on: 2015-05-28
Degree: Master
Type: Thesis
Country: China
Candidate: W Q Liu
GTID: 2298330467455834
Subject: Information security

Abstract/Summary:
As software grows more complex, the probability of errors in the interactions between modules rises. Growing demand for software has also brought a surge of unskilled programmers into the field, lowering the quality of programs. Against this background, countless automatic hacker tools have emerged, threatening the security of the whole industry. For decades, vulnerability detection has relied on manual reverse engineering and fuzzing. The former requires professional knowledge and experience, while the latter is costly and blind, often producing numerous invalid test cases. The inadequacy of existing technology has spurred multiple attempts in academia; one of the most effective is taint propagation. It tracks untrusted data sources with binary instrumentation tools to uncover vulnerabilities, and shows better performance on path coverage and accuracy.

Vulnerabilities are special execution sequences that take a variety of forms, so a description of a vulnerability must fit the different sequences that realize the same vulnerability. For this reason, a process algebra vulnerability model based on taint propagation is proposed in this paper, which offers a new angle for depicting executables: viewing instructions as communication between storage units. It regards operands and mnemonics as processes and actions on processes, combines the characteristic of buffer overflow vulnerabilities of transferring data in loops with the taint condition of the corresponding storage units and flags, and gives a pattern for this category of flaws.

Because execution sequences are context sensitive, a vulnerability detection method based on the similarity of execution sequences is put forward. The method takes the context-sensitive factor into consideration in the similarity measurement, and since it is globally oriented, the interference introduced by the variety of forms is reduced. The method is based on the dynamic time warping measure and develops its own local dissimilarity measurement, according to the fact that the local and global similarities of program sequences contribute equally to their function. It is aimed at finding vulnerabilities whose exploitation requires the successful use of more than one sort of flaw. A vulnerability detection framework based on the above two methods illustrates the accuracy of the model and the efficiency of the vulnerability detection method.
Keywords/Search Tags: Taint Propagation, Binary executable, Vulnerability Detection, Process Algebra, Similarity of execution sequences