
Detection Of Program Vulnerability Based On Memory Access Trace

Posted on: 2021-02-12
Degree: Master
Type: Thesis
Country: China
Candidate: J Han
GTID: 2428330614971060
Subject: Cyberspace security

Abstract/Summary:
In recent years, memory leaks, buffer overflows, and other memory vulnerabilities have occurred frequently, especially in memory-unsafe languages such as C and C++, which are more susceptible to memory vulnerabilities and therefore to unpredictable system crashes. Once these vulnerabilities are exploited by malicious attackers, they cause serious consequences. In addition, inefficient code behaviors caused by programmers' negligence occur even more often; although these behaviors do not have fatal consequences, they seriously affect the execution efficiency of the program. What is more, attackers use characteristics of the system itself to obtain sensitive information from memory, as with Spectre and Meltdown in recent years, which also pose a great threat to memory security. Therefore, the detection of memory security vulnerabilities is particularly important.

Dynamic detection and static detection are the vulnerability detection methods currently in wide use. Both have their own advantages and are favored by many researchers, and many research results have been produced, but certain limitations are unavoidable: the detection scope is limited to the heap, the detection efficiency is low, or the source code must be available for analysis. In this paper, by combining dynamic detection and static detection, a program vulnerability detection method based on memory access trace is proposed. The main contents and innovations are as follows:

(1) The finite state machine model is applied to memory access; several related memory vulnerabilities are defined as operations that violate the state transitions of the finite state machine model, and each is formally described as a constraint expression that a solver can understand.

(2) The memory access trace of an executable program is dynamically tracked and recorded through binary instrumentation, including function records, memory allocation and release records, memory read and write records, and global variables. The trace is collected from the two perspectives of data flow and control flow, so that the execution sequence of memory operations and the memory access patterns of the executable can be analyzed.

(3) From the state transition sequence of the memory operations and the vulnerability model, the constraints that may trigger a vulnerability are computed; the Z3 solver is then called to determine whether the vulnerability is triggered, and at the same time the address and type of the vulnerability are found. Finally, the detection results are visualized, so that the memory access trace and the location of the vulnerability can be described clearly and intuitively.

We also tested the effectiveness and performance of our method in experiments. The results show that the method of this paper can effectively detect the relevant vulnerabilities while maintaining efficiency.
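To make the finite-state-machine idea in contributions (1) and (3) concrete, here is an added illustration (not the thesis's own code) that replays a simplified memory access trace and reports every operation that has no legal transition in a per-block unallocated -> allocated -> freed model. The trace format, the `Event` type and the sample events are constructed for this example; the thesis hands such violations to Z3 as constraints, whereas this script checks them directly in Python.

```python
from dataclasses import dataclass
# Added example, not the thesis's code: a per-block finite state machine replayed
# over a simplified memory access trace (alloc/free/read/write events). Each
# heap block moves unallocated -> allocated -> freed; any operation with no
# legal transition in that model is reported as a finding.

@dataclass(frozen=True)
class Event:
    op: str        # "alloc", "free", "read" or "write"
    addr: int      # block base (alloc/free) or accessed address (read/write)
    size: int = 0  # block size (alloc) or access width in bytes (read/write)

def detect(trace):
    """Replay the trace; return [(event_index, kind, addr), ...]."""
    blocks = {}    # base -> [state, size]; only blocks seen in the trace
    findings = []
    for i, e in enumerate(trace):
        if e.op == "alloc":
            blocks[e.addr] = ["allocated", e.size]
        elif e.op == "free":
            if e.addr not in blocks:
                findings.append((i, "invalid-free", e.addr))
            elif blocks[e.addr][0] == "freed":
                findings.append((i, "double-free", e.addr))
            else:
                blocks[e.addr][0] = "freed"
        else:  # read / write: must land inside a live block's bounds
            base = next((b for b, (_, n) in blocks.items()
                         if b <= e.addr < b + n), None)
            if base is None:
                findings.append((i, "out-of-bounds", e.addr))
            elif blocks[base][0] == "freed":
                findings.append((i, "use-after-free", e.addr))
            elif e.addr + e.size > base + blocks[base][1]:
                findings.append((i, "overflow", e.addr))
    # Blocks still allocated when the run ends are reported as leaks.
    findings += [(len(trace), "leak", b)
                 for b, (s, _) in blocks.items() if s == "allocated"]
    return findings

# Constructed trace: 16-byte block, in-bounds write, 8-byte write running past
# the end, free, read after free, second free, and a block that is never freed.
SAMPLE = [Event("alloc", 0x1000, 16), Event("write", 0x1008, 4),
          Event("write", 0x100c, 8), Event("free", 0x1000),
          Event("read", 0x1004, 4), Event("free", 0x1000),
          Event("alloc", 0x2000, 32), Event("write", 0x2000, 4)]

if __name__ == "__main__":
    for index, kind, addr in detect(SAMPLE):
        print(f"event {index}: {kind} at {addr:#x}")
```

Only heap blocks that appear in the trace are modelled, so an access to untracked memory (stack, globals) shows up as out-of-bounds here; a real tracer would record those regions as well.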
Keywords/Search Tags: Memory security vulnerability, binary instrumentation, Pin, constraint solving, finite state machine