Computer Science, 2016, Vol. 43, Issue 2: 155-158. doi: 10.11896/j.issn.1002-137X.2016.02.034


Dynamic Symbolic Taint Analysis of Binary Programs

ZHU Zheng-xin, ZENG Fan-ping and HUANG Xin-yi   

Online: 2018-12-01. Published: 2018-12-01.

Abstract: Dynamic taint analysis (DTA) is commonly used to track information flow and to detect security vulnerabilities: at run time it detects the vulnerabilities that a given set of test cases actually triggers. Its false positive rate is very low, but its false negative rate is very high. To address this issue, dynamic symbolic taint analysis (DSTA) is proposed as an enhancement to dynamic symbolic analysis that symbolizes the taint analysis in order to reduce the false negative rate. The technique collects taint information by propagating taint at the instruction level, and formulates symbolic risk rules so that potential vulnerabilities are found by checking whether the collected taint information violates a risk rule. Experimental results show that the method preserves DTA's advantage of a low false positive rate while reducing its disadvantage of a high false negative rate. The resulting information on vulnerabilities, risks and taint data can also be used to generate test cases, which improves test efficiency and reduces test-case redundancy.

Key words: Taint analysis, Symbolic, Vulnerability detecting, Test case, Data tracking
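The abstract's central point, that plain DTA only flags a vulnerability the current test case actually triggers, while DSTA carries the taint as a symbolic expression and checks a risk rule against every input the executed path admits, can be shown on a small replayed trace. The following is an added illustration written for this page, not the paper's implementation or tool: it assumes a toy register IR in place of real binary instruction semantics, a hypothetical `memcpy` risk rule ("a tainted length may exceed the destination buffer"), byte-valued input symbols, and an exhaustive enumerator standing in for an SMT solver. The trace and seed input are constructed.

```python
"""Toy dynamic symbolic taint analysis (DSTA) over one constructed instruction trace.

Constructed example, not the paper's implementation: a tiny register IR stands in
for binary-level instruction semantics, and byte enumeration stands in for an SMT solver.
"""
from dataclasses import dataclass
from itertools import product
from typing import Dict, List, Optional, Tuple

MASK = 0xFFFFFFFF  # 32-bit register arithmetic in the toy IR
ARITH = {"+": lambda a, b: a + b, "*": lambda a, b: a * b, "&": lambda a, b: a & b}
CMP = {"<=": lambda a, b: a <= b, ">": lambda a, b: a > b}


@dataclass(frozen=True)
class Expr:
    """Symbolic taint: a tainted value expressed in terms of input symbols."""
    op: str          # "const" | "sym" | "+" | "*" | "&"
    args: tuple = ()

    def ev(self, env: Dict[str, int]) -> int:
        if self.op == "const":
            return self.args[0]
        if self.op == "sym":
            return env[self.args[0]]
        return ARITH[self.op](self.args[0].ev(env), self.args[1].ev(env)) & MASK

    def syms(self) -> set:
        if self.op == "sym":
            return {self.args[0]}
        if self.op == "const":
            return set()
        return self.args[0].syms() | self.args[1].syms()

    def __str__(self) -> str:
        if self.op in ("const", "sym"):
            return str(self.args[0])
        return f"({self.args[0]} {self.op} {self.args[1]})"


@dataclass
class Finding:
    sink: str
    length: Expr                       # symbolic length handed to the sink
    dest_size: int
    concrete_len: int                  # length observed on the analysed run
    witness: Optional[Dict[str, int]]  # input violating the risk rule (DSTA only)


def solve(constraints: List[Tuple[Expr, str, int]]) -> Optional[Dict[str, int]]:
    """Find inputs satisfying every (expr OP k) constraint. Assumption: each input
    symbol is one byte, so exhaustive enumeration replaces a real constraint solver."""
    names = sorted(set().union(*(e.syms() for e, _, _ in constraints)))
    for vals in product(range(256), repeat=len(names)):
        env = dict(zip(names, vals))
        if all(CMP[op](e.ev(env), k) for e, op, k in constraints):
            return env
    return None


def analyze(trace: List[tuple], inputs: Dict[str, int]) -> dict:
    """Replay one trace with concrete inputs, tracking taint as a plain mark (DTA) and
    as a symbolic expression (DSTA), and evaluate the risk rule at each memcpy sink."""
    regs: Dict[str, int] = {}
    taint: Dict[str, Optional[Expr]] = {}   # None = untainted
    path: List[Tuple[Expr, str, int]] = []  # tainted branch conditions seen on this run
    dta: List[Finding] = []                  # DTA: rule violated on this very run
    dsta: List[Finding] = []                 # DSTA: rule violable by some input on this path

    def sym_of(r: str) -> Expr:              # operand as expression: its taint, else its value
        t = taint.get(r)
        return t if t is not None else Expr("const", (regs[r],))

    for ins in trace:
        kind = ins[0]
        if kind == "input":                  # taint source: one byte of external input
            _, dst, name = ins
            regs[dst], taint[dst] = inputs[name], Expr("sym", (name,))
        elif kind == "mov":                  # constant write clears taint
            _, dst, imm = ins
            regs[dst], taint[dst] = imm, None
        elif kind in ("add", "mul", "and"):  # arithmetic: taint propagates to the result
            _, dst, a, b = ins
            op = {"add": "+", "mul": "*", "and": "&"}[kind]
            ea, eb = sym_of(a), sym_of(b)    # capture before dst may be overwritten
            tainted = taint.get(a) is not None or taint.get(b) is not None
            regs[dst] = ARITH[op](regs[a], regs[b]) & MASK
            taint[dst] = Expr(op, (ea, eb)) if tainted else None
        elif kind == "assume_le":            # branch "r <= imm" was taken on this run
            _, r, imm = ins
            assert regs[r] <= imm, "trace is inconsistent with the given inputs"
            if taint.get(r) is not None:
                path.append((taint[r], "<=", imm))
        elif kind == "memcpy":               # sink: copy regs[n] bytes into a dest_size buffer
            _, dest_size, n = ins
            if taint.get(n) is None:
                continue                     # length not derived from input: rule does not apply
            if regs[n] > dest_size:          # DTA fires only if this run itself overflows
                dta.append(Finding("memcpy", taint[n], dest_size, regs[n], None))
            # Symbolic risk rule: are path constraints AND length > dest_size satisfiable?
            wit = solve(path + [(taint[n], ">", dest_size)])
            if wit is not None:
                dsta.append(Finding("memcpy", taint[n], dest_size, regs[n], wit))
        else:
            raise ValueError(f"unknown instruction {kind}")
    return {"dta": dta, "dsta": dsta, "path": path}


# Constructed trace: an input length field is scaled by 4, bounds-checked against 100,
# then used as the memcpy length into a 16-byte buffer.
TRACE = [
    ("input", "r0", "in0"),
    ("mov", "r1", 4),
    ("mul", "r0", "r0", "r1"),
    ("assume_le", "r0", 100),
    ("memcpy", 16, "r0"),
]
SEED = {"in0": 2}  # the test case that produced the trace: length 8, no overflow

if __name__ == "__main__":
    result = analyze(TRACE, SEED)
    print("DTA findings:", len(result["dta"]))  # seed does not overflow, so none
    for f in result["dsta"]:
        print(f"DSTA: memcpy length {f.length} may exceed {f.dest_size}; "
              f"observed {f.concrete_len}, generated test case {f.witness}")
```

With the seed input the copy length is 8, so DTA reports nothing; DSTA keeps the length as `(in0 * 4)`, conjoins the observed bounds check `in0 * 4 <= 100` with the rule `in0 * 4 > 16`, finds `in0 = 5` satisfies both, and emits that assignment as a new test case, which is the test-case generation the abstract describes. Tightening the check to `assume_le r0 15` makes the rule unsatisfiable on that path and DSTA correctly stays silent.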

