
Research On Binary Executable Vulnerability Detection

Posted on: 2015-11-30 | Degree: Master | Type: Thesis
Country: China | Candidate: H L Cui | Full Text: PDF
GTID: 2298330467463348 | Subject: Information security
Abstract/Summary:
With the rapid development of computer and Internet technology, information technology affects every aspect of daily life. While it has brought huge productivity gains to society, the security vulnerabilities present in computer systems also allow the interests of individuals and businesses to be infringed. When attacking computer systems, attackers often use vulnerabilities in the system's software as the entry point of the attack, so research on software security vulnerabilities is becoming more and more important. Software vulnerability detection is an important research direction in the software security field: by detecting unknown vulnerabilities present in a computer system, it allows the weak points of the system to be fixed and its security improved. Classified by target, software vulnerability detection technology can be divided into detection on source code and detection on binary software. Several commercial tools exist for source code vulnerability detection; however, owing to the lack of grammatical and lexical information in binaries, no mature tools for binary software vulnerability detection exist so far. This thesis therefore focuses on vulnerability detection for binary executable programs.

Fuzzing is one of the most common techniques for detecting vulnerabilities in binary executables: by feeding the program fuzzed input data, security vulnerabilities in its internal procedures can be found. Although fuzz testing is very simple to operate, its test efficiency is poor, because it lacks an understanding of the target process and relies on simple random variation of the input data. The quality of the test samples is an important factor affecting its efficiency and effectiveness.

In order to optimize the test samples, this thesis combines static and dynamic analysis techniques with fuzzing and presents a smart fuzzing technology for binary executable vulnerability detection, which improves the efficiency of vulnerability detection. To improve the quality of the test samples, the thesis focuses on the following studies:

(1) Summarizing high-risk vulnerability patterns in binary executable programs. Based on research on the classification of software vulnerabilities, this thesis proposes three types of vulnerability pattern, each characterized by a sequence of basic operations: the buffer overflow pattern based on dangerous function calls, the buffer overflow pattern based on memory writes in loops, and the integer overflow pattern based on sign-extension instructions.

(2) Extracting high-risk vulnerability points from binary executable programs. Using IDAPython scripts, this thesis develops three pattern-matching scripts that use static data-flow analysis to match the particular sequences of basic operations defined by the vulnerability patterns, and so extract the high-risk vulnerability points present in a binary executable.

(3) Corpus distillation based on maximum coverage of vulnerability risk points. Using dynamic binary instrumentation, runtime information is obtained while the target program runs; by analyzing how many high-risk vulnerability points a sample covers, the quality of the sample can be judged.

(4) Implementation of an offline taint analysis system based on a dynamic binary instrumentation platform. For particular high-risk vulnerability points that the test samples cannot cover, the offline dynamic taint analysis system guides the reconstruction of the test samples. The dynamic taint analysis system can also be used for fast analysis of program exceptions found by the fuzzer and for constructing exploits.

Based on these studies, this thesis designs and implements BugHunter, a smart fuzzer that combines static and dynamic analysis technologies with fuzzing. Its effectiveness is verified through an actual 0-day vulnerability detection process.
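As an added worked illustration of the corpus distillation step (example code written for this page, not BugHunter's own), the following Python selects a minimal sample set by greedy coverage of high-risk vulnerability points and reports the points no sample reaches. The risk-point addresses and the per-sample coverage sets are constructed, standing in for the IDAPython pattern matches and the instrumentation output.

```python
from typing import Dict, List, Set, Tuple

# Constructed high-risk vulnerability points: address -> pattern kind.
# Addresses are hypothetical; in the thesis they come from the IDAPython
# pattern-matching scripts.
RISK_POINTS: Dict[int, str] = {
    0x401000: "dangerous_call",   # buffer overflow via dangerous function call
    0x401080: "loop_mem_write",   # buffer overflow via memory write in a loop
    0x401100: "sign_extension",   # integer overflow via sign-extension instruction
    0x401200: "dangerous_call",
    0x401300: "loop_mem_write",
    0x401400: "sign_extension",   # never reached by the constructed corpus
}

# Constructed per-sample coverage: risk points each test sample hit at
# runtime (the thesis obtains this from dynamic binary instrumentation).
SAMPLE_COVERAGE: Dict[str, Set[int]] = {
    "s1.bin": {0x401000, 0x401080},
    "s2.bin": {0x401000},
    "s3.bin": {0x401100, 0x401200},
    "s4.bin": {0x401080, 0x401300},
    "s5.bin": {0x401000, 0x401080, 0x401100},
}


def sample_score(sample: str, coverage: Dict[str, Set[int]],
                 risk_points: Dict[int, str]) -> float:
    """Quality of one sample: fraction of all risk points it covers."""
    return len(coverage[sample] & set(risk_points)) / len(risk_points)


def distill(coverage: Dict[str, Set[int]],
            risk_points: Dict[int, str]) -> Tuple[List[str], Set[int]]:
    """Greedy set cover: repeatedly keep the sample that adds the most
    still-uncovered risk points (ties broken by name) until no sample adds
    anything. Returns the distilled corpus plus the risk points no sample
    reaches, i.e. the sites the offline taint analysis would have to
    guide new samples toward."""
    remaining = set(risk_points)
    kept: List[str] = []
    while remaining:
        best = max(sorted(coverage), key=lambda s: len(coverage[s] & remaining))
        gain = coverage[best] & remaining
        if not gain:
            break
        kept.append(best)
        remaining -= gain
    return kept, remaining
```

On the constructed data three of the five samples cover everything reachable, and 0x401400 is reported back as the point that needs a taint-guided sample.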
Keywords/Search Tags: binary executable vulnerability detection, vulnerability pattern matching, corpus distillation, taint analysis