Abstract
Although vulnerability analysis based on source code has achieved significant progress, a large amount of software exists only in binary form, which makes research on binary vulnerability analysis all the more important. This paper presents an overview of the field of binary vulnerability analysis frameworks. It classifies typical vulnerability analysis technologies into intermediate language, taint analysis, symbolic execution, and fuzzing; classifies current frameworks according to these typical analysis technologies; summarizes the limitations of current frameworks; and designs a next-generation automatic binary vulnerability analysis framework. We then summarize the core principles, process, and limitations of each analysis technology in next-generation frameworks, and discuss possible optimizations that could improve vulnerability analysis. This survey of binary vulnerability analysis can provide theoretical guidance for the future development of binary analysis.
Supported by National University of Defense and Technology and National Natural Science Foundation No. 61402492.
© 2018 Springer Nature Switzerland AG
Cite this paper
Tan, T., Wang, B., Xu, Z., Tang, Y. (2018). The New Progress in the Research of Binary Vulnerability Analysis. In: Sun, X., Pan, Z., Bertino, E. (eds) Cloud Computing and Security. ICCCS 2018. Lecture Notes in Computer Science(), vol 11064. Springer, Cham. https://doi.org/10.1007/978-3-030-00009-7_25
DOI: https://doi.org/10.1007/978-3-030-00009-7_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00008-0
Online ISBN: 978-3-030-00009-7
eBook Packages: Computer Science (R0)