A Study Of Double Free Vulnerability Detection Based On Symbolic Execution

Posted on: 2024-09-30
Degree: Master
Type: Thesis
Country: China
Candidate: H Wu
Full Text: PDF
GTID: 2558307094979539
Subject: Master of Electronic Information (Professional Degree)
Abstract/Summary:
In recent years, the development of information technology has brought hidden dangers to network security that cannot be ignored, and the weakness of network security stems from vulnerabilities in system software and hardware. Among them, the heap memory-related Double Free vulnerability is difficult to detect because of the complex timing relationships introduced by pointers. When an already released memory object is released again, it can corrupt memory management, and the Double Free vulnerability can be triggered by constructing pseudo-heap blocks for purposes such as control flow hijacking or even arbitrary code execution. Therefore, in order to improve the reliability of software programs, this thesis uses symbolic execution techniques to detect Double Free vulnerabilities in source programs. The main contributions of this thesis are as follows:

In terms of symbolic execution theory and technology, the development of symbolic execution ideas is collated and analyzed, the symbolic execution algorithm and the activity diagram of the execution framework are given, and the intermediate representation, path search strategy and constraint solving of the symbolic execution process are outlined. The application of symbolic execution to vulnerability detection is sorted out and analyzed, and three symbolic execution methods are selected and applied to actual open source projects for comparative analysis.

In terms of the Double Free vulnerability, we propose to elaborate the characteristics of the Double Free vulnerability at three levels (lexical, syntactic and semantic) and construct relevant constraints to support subsequent vulnerability detection.

In terms of Double Free vulnerability detection based on symbolic execution, a symbolic execution system for Double Free vulnerability detection is constructed. According to its functions, the detection system is divided into a front-end processing module, a symbolic execution module and a back-end output module. A front-end processing module composed of program processing and analysis and Double Free vulnerability characteristics analysis is designed and implemented. The execution stage and output module, which are composed of the memory model, path search and constraint solving, are designed and implemented.

Finally, in order to validate the Double Free vulnerability detection system based on symbolic execution, the relevant experimental environment was deployed, and the CWE415_Double_Free vulnerability data set in the Juliet Test Suite was selected to verify the effectiveness of the system's detection. In addition, in order to objectively evaluate the performance of Double Free vulnerability detection based on symbolic execution, three vulnerability detection tools (Cppcheck, Flawfinder and Splint) were selected as the control group, the detection results were analyzed statistically, and the omission rate and false alarm rate of the four methods were compared on the Double Free vulnerability data set. The experiments show that Double Free vulnerability detection based on symbolic execution can detect most of the Double Free vulnerabilities and has high detection efficiency.

Figure [38] table [19] reference [84]...
Keywords/Search Tags:Symbolic Execution, Double Free Vulnerability, Vulnerability Detection, Constraint Solving