
Research On Static Detection Technology Of Buffer Overflow Based On Binary Program

Posted on: 2016-01-11
Degree: Master
Type: Thesis
Country: China
Candidate: X Zou
Full Text: PDF
GTID: 2308330467482282
Subject: Computer application technology
Abstract/Summary:
Among the growing number of software vulnerabilities that have emerged recently, buffer overflow has become the most significant. With the fast-paced development of information and Internet technology, the issue is more critical than ever. Source-code-oriented buffer overflow detection is now mature; however, much software is released in binary form for commercial reasons, and source-code-oriented techniques cannot be applied to binary files, which makes it hardly possible to ensure the safety of such software. Dynamic analysis has been widely used in recent years, but it requires runtime detection, resulting in low coverage and high runtime cost. Static program detection techniques, on the other hand, can uncover software vulnerabilities before the program runs, which might reduce severe loss. Unfortunately, a binary program lacks the source-level information about variables, types and structures, which makes static detection difficult.

To tackle this problem, this paper proposes a static buffer overflow detection technique for programs in binary form, together with a prototype tool that detects buffer overflows on the basis of BinNavi, a reverse analysis platform. The key points are as follows:

1. The concept and principle of buffer overflow are studied as a basis. Using an intermediate language, the forms of buffer overflow vulnerabilities caused by unsafe function invocation or recursive copying are generalized into specific patterns, by which buffer overflows are located.

2. Procedural and interprocedural analysis, based on data dependence, are employed to uncover vulnerabilities and, as a result, to reduce the false positive rate of the aforementioned method. Procedural analysis uses reverse program slicing to filter the data dependence set of the principal data of the parts prone to attack, so that those parts can be found from the relations between dependence sets. Interprocedural analysis determines the source of the principal data of the parts prone to attack by tracking the data source using function summary information, and checks whether the flaws come from outside the program, for further filtering.

Finally, based on the BinNavi platform, a static buffer overflow detection tool is designed and implemented using the techniques mentioned above. We selected programs and benchmarked the functionality and performance of the tool; the results show a significant improvement in detection efficiency and a reduction of the false positive rate when performing such detection.
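The filtering idea in points 1 and 2, as an added sketch that is not the thesis's tool or BinNavi code: match unsafe calls in an intermediate form, take a backward data-dependence slice of the source operand, and keep only candidates whose data comes from outside the program. The toy IL, the straight-line (no branches) restriction, and the UNSAFE and EXTERNAL summary tables are assumptions made for this illustration.

```python
# Constructed toy IL (not BinNavi's REIL): each instruction is (dest, op, operands).
# For op == "call", operands[0] is the callee name and the rest are its arguments.
UNSAFE = {"strcpy": 2, "strcat": 2}   # assumed: callee -> index of its source operand
EXTERNAL = {"getenv"}                 # assumed summary: return value is outside data

def backward_slice(code, idx, var):
    """Indices of earlier instructions that `var`, as used at code[idx], depends on."""
    wanted, deps = {var}, set()
    for i in range(idx - 1, -1, -1):          # walk backwards over straight-line code
        dest, op, args = code[i]
        if dest in wanted:
            wanted.discard(dest)              # this definition satisfies the use
            deps.add(i)
            operands = args[1:] if op == "call" else args
            # string operands are variables; integers are constants with no producer
            wanted.update(a for a in operands if isinstance(a, str))
    return deps

def detect(code):
    """Report unsafe calls whose source operand data-depends on external input."""
    findings = []
    for i, (dest, op, args) in enumerate(code):
        if op == "call" and args[0] in UNSAFE:
            deps = backward_slice(code, i, args[UNSAFE[args[0]]])
            if any(code[j][1] == "call" and code[j][2][0] in EXTERNAL for j in deps):
                findings.append((i, args[0], sorted(deps)))
    return findings

# Constructed sample: one copy fed by getenv(), one fed by a constant address.
SAMPLE = [
    ("t0", "call", ("getenv", "name_ptr")),   # 0: external data enters here
    ("t1", "add", ("t0", 4)),                 # 1: pointer derived from it
    ("t2", "mov", (0x8048000,)),              # 2: constant string address
    (None, "call", ("strcpy", "buf1", "t1")), # 3: source depends on 0 and 1
    (None, "call", ("strcpy", "buf2", "t2")), # 4: source depends only on 2
]

if __name__ == "__main__":
    for index, callee, deps in detect(SAMPLE):
        print(f"instruction {index}: {callee} source depends on {deps}")
```

The second `strcpy` is matched by the pattern but dropped by the dependence check, which is the false-positive reduction the abstract describes.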
Keywords/Search Tags: buffer overflow, vulnerabilities detection, filter, intermediate form, data dependence analysis