一种跨指令架构二进制漏洞搜索技术研究

doi:10.3969/j.issn.1671-1122.2017.09.005

信息网络安全 ›› 2017, Vol. 17 ›› Issue (9): 21-25.doi: 10.3969/j.issn.1671-1122.2017.09.005

一种跨指令架构二进制漏洞搜索技术研究

徐威扬(), 李尧, 唐勇, 王宝生

国防科技大学网络工程系, 湖南长沙 410073

收稿日期:2017-08-01 出版日期:2017-09-20 发布日期:2020-05-12
作者简介:
作者简介：徐威扬（1992—）,男,湖南, 硕士研究生,主要研究方向为网络安全与二进制比对;李尧（1992—）,男,湖南, 硕士研究生,主要研究方向为网络安全与二进制比对;唐勇（1979—）,男,湖南, 副研究员,博士,主要研究方向为网络安全与系统安全;王宝生（1970—）,男,湖南, 研究员,博士,主要研究方向为计算机网络与网络安全。
基金资助:
国家自然科学基金[61472437]

Research on Cross-architecture Vulnerabilities Searching in Binary Executables

Weiyang XU(), Yao LI, Yong TANG, Baosheng WANG

Department of Network Engineering, National University of Defense Technology, Changsha Hunan 410073, China

Received:2017-08-01 Online:2017-09-20 Published:2020-05-12

摘要/Abstract

摘要：

计算机软件技术不断发展过程中,漏洞的出现无法避免,快速识别漏洞是保护计算机系统的关键。现有识别漏洞的方法多数是基于源代码的,即使基于二进制层面的方法也只是在单一指令架构上完成。针对以上问题,文章提出一种高效搜索二进制代码漏洞的方法。将不同指令架构的汇编代码规范化,提取漏洞特征与二进制文件特征,通过特征匹配算法找出二进制文件中存在漏洞之处。实验表明,该方法能够准确找到样例中存在的已知漏洞,如OpenSSL库中的Heartbleed漏洞、BusyBox中的提权漏洞以及路由器固件中存在的后门。

关键词: 二进制比对, 漏洞搜索, 特征匹配

Abstract:

During the development of computer software, the emergence of vulnerabilities can not be avoided. Thus, rapid identification of vulnerabilities is the key to protect the computer system. Most of the existing methods are based on source code, and the methods based on binary are only done on single instruction architecture. Because of the above problems, this paper proposes an efficient way to search vulnerabilities on binary level, which standardizes the assembly code of different instruction architecture, extracts features of vulnerabilities and binary executables, and finds the vulnerabilities of binary executables by using features matching algorithm. Experiments show that the method can accurately find the known vulnerabilities in the samples, such as the Heartbleed vulnerability in the OpenSSL library, the Rootkit vulnerabilities in the BusyBox and the back doors that exist in the router firmware.

Key words: binary matching, vulnerabilities searching, feature matching

中图分类号:

TP393

徐威扬, 李尧, 唐勇, 王宝生. 一种跨指令架构二进制漏洞搜索技术研究[J]. 信息网络安全, 2017, 17(9): 21-25.

Weiyang XU, Yao LI, Yong TANG, Baosheng WANG. Research on Cross-architecture Vulnerabilities Searching in Binary Executables[J]. Netinfo Security, 2017, 17(9): 21-25.

图/表 8

参考文献 10

[1]	PEWNY J, SCHUSTER F, BERNHARD L, et al.Leveraging Semantic Signatures for Bug Search in Binary Programs[C]//ACSAC. Annual Computer Security Applications Conference, December 8 - 12, 2014 ,New Orleans, Louisiana, USA . New York:ACM. 2014:406-415.
[2]	BOURQUIN M, KING A, ROBBINS E.Binslayer: Accurate Comparison of Binary Executables[C]//PPREW. ACM SIGPLAN Program Protection and Reverse Engineering Workshop, January 26, 2013. Rome, Italy. ITA:PPREW, 2013:1-10.
[3]	PEWNY J, GARMANY B, GAWLIK R, et al.Cross-Architecture Bug Search in Binary Executables[C]//IEEE. 36th IEEE Symposium on Security and Privacy (S&P), May 18-20, 2015. Fairmont, San Jose,CA. NJ:IEEE, 2015:709-724.
[4]	刘春红,郭涛,崔宝江,等. 二进制文件同源性检测的结构化相似度计算[J]. 北京邮电大学学报,2012,35(3):56-60.
[5]	王毅,唐勇,卢泽新,等. 恶意代码聚类中的特征选取[J]. 信息网络安全,2016(9):64-68.
[6]	DAVID Y, PARTUSH N, YAHAV E.Statistical Similarity of Binaries[J]. ACM Sigplan Conference on Programming Language Design & Implementation, 2016,51(6):266-280.
[7]	林佳萍,李晖,等. 安卓恶意软件检测研究综述[J]. 信息网络安全,2016(10):80-88.
[8]	LUO Lannan, MING Jiang, WU Dinghao, et al.Semantics-based Obfuscation-resilient Binary Code Similarity Comparison with Applications to Software Plagiarism Detection[C]//FSE. ACM SIGSOFT International Symposium on Foundations of Software Engineering, November 16 - 21, 2014 . Hong Kong, China. CHN:FSE, 2014:389-400.
[9]	彭建山,奚琪,王清贤,等. 二进制程序整型溢出漏洞的自动验证方法[J]. 信息网络安全,2017(5):14-21.
[10]	IDA. Pro - Interactive Disassembler[EB/OL]. , 2016-3-11.

一种跨指令架构二进制漏洞搜索技术研究

Research on Cross-architecture Vulnerabilities Searching in Binary Executables

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 10

相关文章 1

编辑推荐

Metrics

本文评价