Abstract
For the purpose of discovering security flaws in software, many dynamic and static taint analyzing techniques have been proposed. The dynamic techniques can precisely find the security flaws of the software; but it suffers from substantial runtime overhead. On the other hand, the static techniques require no runtime overhead; but it is often not accurate enough. In this paper, we propose HYBit, a novel hybrid framework which integrates dynamic and static taint analysis to diagnose the security flaws for binary programs. In the framework, the source binary is first analyzed by the dynamic taint analyzer; then, with the runtime information provided by its dynamic counterpart, the static taint analyzer can process the unexecuted part of the target program easily. Furthermore, a taint behavior filtration mechanism is proposed to optimize the performance of the framework. We evaluate our framework from three perspectives: efficiency, coverage, and effectiveness, and the results are encouraging.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Tripp, O., Pistoia, M., et al.: TAJ: Effective Taint Analysis of Web Applications. In: Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 87–97. ACM Press, New York (2009)
Csallner, C., Smaragdakis, Y., Xie, T.: Dsd-crasher: A hybrid analysis tool for bug finding. ACM Transactions on Software Engineering and Methodology 17(2), 1–37 (2008)
Zuliani, P., Platzer, A., Clarke, E.M.: Bayesian statistical model checking with application to simulink/stateflow verification. In: Proceedings of the 13th ACM International Conference on Hybrid Systems: Computation and Control, pp. 243–252. ACM Press, New York (2010)
Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Proceedings of 2005 Network and Distributed System Security Symposium. Internet Society, Virginia (2005)
Clause, J., Li, W., Orso, A.: Dytan: a generic dynamic taint analysis framework. In: Proceedings of the 2007 International Symposium on Software Testing and Analysis, pp. 196–206. ACM Press, New York (2007)
Qin, F., Wang, C., Li, Z., et al.: Lift: A lowoverhead practical information flow tracking system for detecting security attacks. In: Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture, pp. 135–148. IEEE Computer Society, Washington (2006)
Yang, Y., Guan, H., Zhu, E., et al.: CrossBit: A Multi-Sources and Multi-Targets DBT. In: The First International Conference on Cloud Computing, GRIDs, and Virtualization, pp. 41–47. IARIA (2010)
Guan, H., Zhu, E., Wang, H., et al.: SINOF: A dynamic-static combined framework for dynamic binary translation. Journal of Systems Architecture 58(8), 305–317 (2012)
Yin, H., Song, D., Egele, M., et al.: Panorama: capturing system-wide information flow for malware detection and analysis. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 116–127. ACM Press, New York (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhu, E., Guan, H., Liang, A., Xu, R., Li, X., Liu, F. (2013). HYBit: A Hybrid Taint Analyzing Framework for Binary Programs. In: Tan, Y., Shi, Y., Mo, H. (eds) Advances in Swarm Intelligence. ICSI 2013. Lecture Notes in Computer Science, vol 7929. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38715-9_28
Download citation
DOI: https://doi.org/10.1007/978-3-642-38715-9_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38714-2
Online ISBN: 978-3-642-38715-9
eBook Packages: Computer ScienceComputer Science (R0)