Research On Buffer Overflow Vulnerability Detection Technology Of Binary Programs Based On Code Characteristics

At present,buffer overflow vulnerability is at a high incidence state.Nowadays,dynamic analysis is adopted more in vulnerability detection technology,but its path coverage rate is low and its operation cost is high.Static analysis does not need to run the program,and its path coverage is high.In addition,there is a lack of mature detection tools for binary buffer overflow vulnerabilities.To solve the above problems,a binary program buffer overflow vulnerability detection technique based on code characteristics is proposed.The static analysis method is used to construct the vulnerability characteristic model and detect the characteristics of the two buffer overflow vulnerability trigger modes.The main work of this paper is as follows:1.The status quo of buffer overflow vulnerability detection is introduced,the feasibility of applying code-characteristic-based vulnerability detection technology to buffer overflow vulnerability detection is elaborated,and the research plan of this paper is proposed.2.An unsafe function call detection method based on data flow tracking is proposed.By tracing back the source buffer and destination buffer and judging the controllability of the source buffer,unsafe function calls can be detected and false-positive rate and false-negative rate of vulnerability detection can be reduced.3.A loop writing memory operation detection method based on the extended self-dependent chain is proposed.By identifying the write memory instruction in the loop structure,calculating the extended self-dependent chain and judging whether it conforms to the vulnerability characteristics,the loop writing memory operation vulnerability can be effectively detected.4.Based on the above research,a prototype system for detecting binary program buffer overflow vulnerability is designed and implemented.Based on the Bin Navi reverse analysis platform,the system has the ability to detect both unsafe function calls and loop writing memory operations.The experiments verify the effectiveness of the prototype system.