轻量级嵌入式软件动态二进制插桩算法

doi:10.3969/j.issn.1671-1122.2021.04.010

信息网络安全 ›› 2021, Vol. 21 ›› Issue (4): 89-95.doi: 10.3969/j.issn.1671-1122.2021.04.010

轻量级嵌入式软件动态二进制插桩算法

梁晓兵¹, 孔令达¹(), 刘岩¹, 叶莘²

1.中国电力科学研究院有限公司计量研究所,北京 100085
2.国网浙江省电力有限公司营销服务中心,杭州 310007

收稿日期:2020-12-03 出版日期:2021-04-10 发布日期:2021-05-14
通讯作者: 孔令达 E-mail:cy1818cy@163.com
作者简介:梁晓兵（1978—）,男,河南,高级工程师,博士,主要研究方向为信息安全|孔令达（1990—）,男,黑龙江,工程师,硕士,主要研究方向为电表质量分析、软件安全|刘岩（1982—）,女,山东,高级工程师,硕士,主要研究方向为智能量测|叶莘（1991—）,男,浙江,工程师,硕士,主要研究方向为嵌入式安全
基金资助:
国家电网有限公司总部科技项目(5600-201955458A-0-0-00)

Lightweight Dynamic Binary Instrumentation Algorithm for Embedded Software

LIANG Xiaobing¹, KONG Lingda¹(), LIU Yan¹, YE Xin²

1. Institute of Metrology, China Electric Power Research Institute Co., Ltd., Beijing 100085, China
2. Marketing Service Center, State Grid Zhejiang Electric Power Co., Ltd., Hangzhou, 310007, China

Received:2020-12-03 Online:2021-04-10 Published:2021-05-14
Contact: KONG Lingda E-mail:cy1818cy@163.com

摘要/Abstract

摘要：

软件二进制插桩是软件性能分析、漏洞挖掘、质量评价领域的关键技术。在嵌入式环境下,传统动态插桩算法受到无操作系统、CPU架构复杂、内存资源紧张等局限,难以展开工作。文章以软件动态二进制插桩算法为研究目的,通过静态特征分析和动态跟踪算法,引入图论算法对固件中的二进制进行分析,提出了嵌入式设备远程调试协议,实现了对软件运行时信息的获取。与传统方案相比,文章所想方案解决了现有工具对源码、操作系统或CPU架构的依赖,同时显著降低了内存和运算资源的占用率,可以有效解决嵌入式设备的动态插桩问题。

关键词: 软件插桩, 二进制插桩, 软件调试, 控制流分析

Abstract:

Binary instrumentation is a key technology in the fields of software performance analysis, vulnerability mining, and quality evaluation. When working on the embedded environment, traditional dynamic instrumentation algorithms are facing limitations like lacking operating system, complex CPU architecture, and tight memory resources. Those limitations make binary instrumentation on embedding software extremely difficult. Therefore, this paper studies the lightweight binary dynamic instrumentation technology, and realizes the acquisition of software runtime information through static feature analysis and dynamic tracking algorithms. Graph-based algorithms and embedded-oriented remote debugging protocol are introduced as well. Compared with the traditional solution, the solution in this article solves the dependence on source code, operating system or CPU architecture, while significantly reducing the occupancy rate of memory and computing resources. Therefore dynamic binary instrumentation work can be effectively solved.

Key words: software instrumentation, binary instrumentation, software debugging, binary analysis

中图分类号:

TP309

梁晓兵, 孔令达, 刘岩, 叶莘. 轻量级嵌入式软件动态二进制插桩算法[J]. 信息网络安全, 2021, 21(4): 89-95.

LIANG Xiaobing, KONG Lingda, LIU Yan, YE Xin. Lightweight Dynamic Binary Instrumentation Algorithm for Embedded Software[J]. Netinfo Security, 2021, 21(4): 89-95.

图/表 6

表1

表2

表3

表4

图1

图2

参考文献 20

[1]	YAN Lijing, SHAN Zheng, JIA Xun, et al. Software Dynamic Trusted Measurement Based on Behavior Trace[J]. Application Research of Computers, 2017,34(2):539-542.
	闫丽景, 单征, 贾珣, 等. 基于行为轨迹的软件动态可信度量[J]. 计算机应用研究, 2017,34(2):539-542.
[2]	LIN Liangcheng, GUO Tao, FENG Baozhan. Fuzz Test Vulnerability Mining Method Based on Execution Path[J]. China New Telecommunications, 2020,22(1):43-44.
	林亮成, 国涛, 封保占. 基于执行路径的模糊测试漏洞挖掘方法[J]. 中国新通信, 2020,22(1):43-44.
[3]	MOMENI B, KHARRAZI M. LDMBL: An Architecture for Reducing Code Duplication in Heavyweight Binary Instrumentations[J]. Software: Practice and Experience, 2018,48(9):1642-1659. doi: 10.1002/spe.v48.9 URL
[4]	LU Shuaibing, ZHANG Ming, LIN Zhechao, et al. Dynamic Binary Translation and Instrumentation Based Function Call Tracing[J]. Journal of Computer Research and Development, 2019,56(2):197-206.
	卢帅兵, 张明, 林哲超, 等. 基于动态二进制翻译和插桩的函数调用跟踪[J]. 计算机研究与发展, 2019,56(2):197-206.
[5]	KHAMPARIA A, BANU S J. Program Analysis with Dynamic Instrumentation Pin and Performance Tools[C]// IEEE. International Conference on Emerging Trends in Computing, Communication and Nanotechnology (ICE-CCN), March 25-26, 2013, Tirunelveli, India. New York: IEEE, 2013: 436-440.
[6]	EBCIOGLU K, ALTMAN E, GSCHWIND M, et al. Dynamic Binary Translation and Optimization[J]. IEEE Transactions on Computers, 2001,50(6):529-548. doi: 10.1109/12.931892 URL
[7]	BUCK B. An API for Runtime Code Patching[J]. International Journal of High Performance Computing Applications, 2000,14(4):317-329. doi: 10.1177/109434200001400404 URL
[8]	HORVATH F, GERGELY T, BESZEDES A, et al. Code Coverage Differences of Java Bytecode and Source Code Instrumentation Tools[J]. Software Quality Journal, 2019,27(1):79-123. doi: 10.1007/s11219-017-9389-z URL
[9]	GUO Wensheng, WANG Yong, YANG Xia, et al. Codecomb: Automated Test Case Generation and Defect Detecting for Embedded Software Based on Symbolic Execution[J]. Journal of Chinese Computer Systems, 2017,38(6):1250-1255.
	郭文生, 汪勇, 杨霞, 等. Codecomb:基于符号执行的嵌入式软件测试案例自动生成与缺陷检测[J]. 小型微型计算机系统, 2017,38(6):1250-1255.
[10]	ZOU Wei, GAO Feng, YAN Yunqiang. Dynamic Binary Instrumentation Based on QEMU[J]. Journal of Computer Research and Development, 2019,56(4):730-741.
	邹伟, 高峰, 颜运强. 基于QEMU的动态二进制插桩技术[J]. 计算机研究与发展, 2019,56(4):730-741.
[11]	YANG Guangxiang. Code Embedding Technology of ELF Executable Program[J]. Programmer, 2008,10(3):104-106.
	杨广翔. ELF格式可执行程序的代码嵌入技术[J]. 程序员, 2008,10(3):104-106.
[12]	HU S J, KO J, WEYAND L, et al. Assembly System Design and Operations for Product Variety[J]. CIRP Annals, 2011,60(2):715-733. doi: 10.1016/j.cirp.2011.05.004 URL
[13]	REN Yushuai. Design of Remote Debug Tool Based on Arm and T-kernel[J]. Microcontrollers & Embedded Systems, 2018,18(5):44-48.
	任玉帅. Arm和T-kernel系统的远程调试工具设计[J]. 单片机与嵌入式系统应用, 2018,18(5):44-48.
[14]	BAGHERZADEH M, KAHANI N, BEZEMER C P, et al. Analyzing A Decade of Linux System Calls[J]. Empirical Software Engineering, 2018,23(3):1519-1551. doi: 10.1007/s10664-017-9551-z URL
[15]	KENISTON J, MAVINAKAYANAHALLI A, PANCHAMUKHI P, et al. Ptrace, Utrace, Uprobes: Lightweight, Dynamic Tracing of User Apps[EB/OL]. https://www.researchgate.net/publication/228943171_Ptrace_utrace_uprobes_Lightweight_dynamic_tracing_of_user_apps, 2020-11-18.
[16]	MIKHAILOV A A. Control Flow Graph Analysis in Decompilation of Object Files[J]. Computer Science Technologies Series, 2016,12(2):74-79.
[17]	LU Wei, FANG Yanwei, CHEN Yaquan. The Solutions and Key Technologies for URLLC Ultra-Low Latency[J]. Mobile Communications, 2020,44(2):8-14.
	陆威, 方琰崴, 陈亚权. URLLC超低时延解决方案和关键技术[J]. 移动通信, 2020,44(2):8-14.
[18]	ZHANG Lei, CHEN Xingshu, REN Yi, et al. Kernel-level Rootkit Detection Technology Based on VMM[J]. Netinfo Security, 2015,15(4):56-61.
[19]	MCVOY L, STAELIN C. Lmbench: Portable Tools for Performance Analysis[EB/OL]. https://dl.acm.org/doi/10.5555/1268299.1268322, 2020-12-01.
[20]	LUO Lannan, MING Jiang, WU Dinghao, et al. Semantics-based Obfuscation-resilient Binary Code Similarity Comparison with Applications to Software Plagiarism Detection[C]// FSE. ACM SIGSOFT International Symposium on Foundations of Software Engineering, November 16-21, 2014, Hong Kong, China. CHN: FSE, 2014: 389-400.

原语	含义
CONNECT	建立连接并开始监听
WAIT	等待断点触发
CONTINUE	从断点处继续执行
GET_REGS	读取寄存器
GET_MEMORY	读取内存
SET_MEMORY	写入内存
DISCONNECT	结束监听并断开连接

Hardware & Software	Version
Architecture	x86
Operating System	Linux
Linux core	4.4.238
C++ Compiler	g++
g++	9.3.0
binstub	1.0
Pin	3.16
Dyninst	9.3.2

程序类型描述	桩点数量	每桩点触发次数
Sync I/O intensive	1	100
Sync I/O intensive	100	1
Async I/O intensive	1	100
Async I/O intensive	100	1
CPU intensive	1	100
CPU intensive	100	1

插桩模式	调试协议
不插桩	无
启动时插桩	Ptrace
运行时插桩	Ptrace
运行时插桩	硬件断点

轻量级嵌入式软件动态二进制插桩算法

Lightweight Dynamic Binary Instrumentation Algorithm for Embedded Software

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 6

参考文献 20

相关文章 15

编辑推荐

Metrics

本文评价

[1]	张昱, 孙光民, 李煜. 基于SM9算法的移动互联网身份认证方案研究[J]. 信息网络安全, 2021, 21(4): 1-9.
[2]	郑洪英, 李琳, 肖迪. 面向雾计算的压缩感知图像秘密传输和篡改恢复方案[J]. 信息网络安全, 2021, 21(4): 10-20.
[3]	游文婷, 张乐友, 叶亚迪, 李晖. 多用户通信机制中支持隐私保护的属性基动态广播加密[J]. 信息网络安全, 2021, 21(4): 21-30.
[4]	宋宇波, 马文豪, 胡爱群, 王俊波. 一种基于像素值偏移编解码技术的屏摄隐通道研究[J]. 信息网络安全, 2021, 21(4): 31-38.
[5]	蔡满春, 王腾飞, 岳婷, 芦天亮. 基于ARF的Tor网站指纹识别技术[J]. 信息网络安全, 2021, 21(4): 39-48.
[6]	王健, 赵曼莉, 陈志浩, 石波. 基于假名的智能交通条件隐私保护认证协议[J]. 信息网络安全, 2021, 21(4): 49-61.
[7]	张凯, 刘京菊. 基于漏洞动态可利用性的网络入侵路径分析方法[J]. 信息网络安全, 2021, 21(4): 62-72.
[8]	林文兵, 张敏情, 周能, 孔咏骏. 基于同态加密的密文域可逆信息隐藏技术研究[J]. 信息网络安全, 2021, 21(4): 73-80.
[9]	任航, 程相国, 张睿, 夏辉. 基于议价贝叶斯博弈模型的防欺诈策略[J]. 信息网络安全, 2021, 21(4): 81-88.
[10]	石乐义, 徐兴华, 刘祎豪, 刘佳. 一种改进概率神经网络的工业控制系统安全态势评估方法[J]. 信息网络安全, 2021, 21(3): 15-25.
[11]	刘延华, 刘志煌. 一种基于用户行为模式的匿名数据鉴定方法[J]. 信息网络安全, 2021, 21(3): 44-52.
[12]	李佳玮, 吴克河, 张波. 基于高斯混合聚类的电力工控系统异常检测研究[J]. 信息网络安全, 2021, 21(3): 53-63.
[13]	路宏琳, 王利明. 面向用户的支持用户掉线的联邦学习数据隐私保护方法[J]. 信息网络安全, 2021, 21(3): 64-71.
[14]	芦效峰, 付淞兵. 属性基加密和区块链结合的可信数据访问控制方案[J]. 信息网络安全, 2021, 21(3): 7-8.
[15]	于克辰, 郭莉, 姚萌萌. 基于空间及能量维度的黑盒对抗样本生成方法[J]. 信息网络安全, 2021, 21(3): 72-78.