
Research On Use-After-Free Vulnerability Mining Technology For Binary Programs

Posted on: 2020-01-30
Degree: Master
Type: Thesis
Country: China
Candidate: Y L Ma
Full Text: PDF
GTID: 2428330599960278
Subject: Computer Science and Technology
Abstract/Summary:
As the number and complexity of software systems grow, potential security issues in software are of increasing concern. The Use-After-Free (UAF) vulnerability is a high-risk memory-corruption vulnerability. The number of such vulnerabilities is growing rapidly, and they are often exploited to carry out cyber attacks. At present, detection of UAF vulnerabilities is far from complete. The reason is that a UAF vulnerability is characterized by three events occurring in order: memory is allocated, the memory is freed, and the freed memory is then used. Discovering the vulnerability therefore requires tracking a long sequence of instructions. Binary program reverse engineering and vulnerability mining are important issues in the field of software security research. Software vendors do not open their product source code to the development community and the security research community, in order to protect their business interests and intellectual property. Moreover, compilation may introduce new security vulnerabilities into a program through improper compiler optimization. Therefore, studying UAF vulnerability mining technology for binary programs has important practical significance.

Firstly, a UAF vulnerability detection technique based on Value-Set analysis is proposed to solve two problems: backward data flow analysis cannot effectively identify pointer aliases, and loop unrolling causes missed reports. Value-Set analysis is a static analysis method. By improving the abstract memory model, a state transfer function supporting data flow analysis, pointer analysis, inter-process analysis and vulnerability detection is established. The abstract interpreter is implemented on top of the REIL intermediate language.

Secondly, to address the high false positive rate of the Value-Set analysis method and the traversal of vulnerability-independent paths in symbolic execution, a symbolic execution technique guided by vulnerability paths is proposed. The guided symbolic execution uses the result of the Value-Set analysis as input. The thesis discusses the representation of inter-procedural, loop, and jump table paths, and the effect of multiple executions of a code block on the path representation. A partial-path-oriented global path search algorithm is implemented to address the invalid path traversal caused by deep call chains from the entry point to the vulnerable function. The path constructed from the entry point to the vulnerable function is combined with the vulnerability path obtained by the Value-Set analysis to serve as the basis for path pruning; this further reduces the execution time of the guided symbolic execution, and a pruning algorithm for vulnerability-independent paths is implemented.

Finally, sample programs and real applications are used to evaluate the Value-Set analysis technique and the guided symbolic execution technique, and their correctness and validity are verified.
Keywords/Search Tags: Use-After-Free, binary program, static analysis, guided symbolic execution