Research on Intelligent Detection of Command Level Stack Pollution for Binary Program Analysis

Mobile Networks and Applications

Abstract

How to analyze binary programs efficiently and soundly has always been a central issue in software security. For the stack in particular, current techniques are beginning to show limitations under a variety of conditions. In this work we introduce a technique for intelligently detecting the stack space and operating on its readable and writable area (referred to as stack pollution). We define the concept of “stack pollution” and raise the level of analysis from the byte level to the instruction level, using control-flow recovery and instruction promotion (lifting) based on the McSema tool. The “stack pollution” technique is a process of intelligently and completely “polluting” the space objects under study; it resolves the three stack-space constraints by modifying the SEM (semantic function) interpretation of the instructions during the promotion process.



Acknowledgements

This paper is supported by the Guangdong Province Key Area R&D Program of China under Grant No. 2019B010137004 and the National Natural Science Foundation of China under Grant No. 61972108, No. U1636215, No.61572153 and the National Key research and Development Plan under Grant No. 2018YFB0803504, Guangdong Province Universities and Colleges Pearl River Scholar Funded Scheme (2019).


Corresponding authors

Correspondence to Yanbin Sun or Yi Han.


Cite this article

Lu, H., Jin, C., Helu, X. et al. Research on Intelligent Detection of Command Level Stack Pollution for Binary Program Analysis. Mobile Netw Appl 26, 1723–1732 (2021). https://doi.org/10.1007/s11036-019-01507-0
