Netinfo Security ›› 2017, Vol. 17 ›› Issue (8): 1-13.doi: 10.3969/j.issn.1671-1122.2017.08.001

• Original Article •

A Survey of the Key Technology of Binary Program Vulnerability Discovery

Xiajing WANG1, Changzhen HU1, Rui MA1, Xinzhu GAO2

  1. Beijing Key Laboratory of Software Security Engineering Technology, School of Software, Beijing Institute of Technology, Beijing 100081, China
  2. China National Gold Group Corporation, Beijing 100011, China
  • Received: 2017-06-22 Online: 2017-08-20 Published: 2020-05-12

Abstract:

In today's cyberspace, software vulnerabilities have attracted widespread attention. Source-code-oriented vulnerability analysis has made significant progress and benefits from the rich semantic information available at the source level, but in practice much commercial software is distributed only as binary code. Vulnerability discovery that works directly on binary executables is therefore more broadly applicable and more useful. This paper first briefly introduces a typical binary vulnerability analysis framework. Building on existing research, it then sets out an overall direction for future research on binary program vulnerability discovery and examines several key points and key technologies in turn. First, it introduces the background and significance of the intermediate language onto which binary code is lifted before analysis. Second, for each of the three key technologies, taint analysis, symbolic execution and fuzzing, it presents the basic principles and classification criteria, the processing flow, the current state of research and the open problems, and closes with a brief summary. The paper offers a concise study of binary program vulnerability discovery technology that can serve as a basis for follow-up research.

Key words: vulnerability discovery, binary program, taint analysis, symbolic execution, fuzzing
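The abstract names taint analysis as one of the three key technologies applied to a binary once it has been lifted to an intermediate language. As an added illustration that is not part of the paper, the following Python sketch runs forward taint propagation over a constructed three-address IR: the `Insn` type, the register names, the toy program and the sink list are all assumptions made for this example, and the memory model names cells by their address register (no alias analysis), which a real lifter-based framework would have to improve on.

```python
"""Forward taint propagation over a toy three-address intermediate language.

Constructed example: the IR, the program and the sink list are invented for
illustration and do not come from the survey; a real framework would first
lift x86/ARM machine code to its own IR and then run analyses like this on it.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Insn:
    op: str                       # input | mov | add | sub | xor | load | store | call
    dst: Optional[str] = None     # destination register, None for store/call
    srcs: Tuple[str, ...] = ()    # source operands: register names or immediates


def taint_analyze(program: List[Insn], sink_funcs: Set[str]) -> List[Tuple[int, str]]:
    """Return (pc, description) for each sink reached by attacker-influenced data."""
    tainted: Set[str] = set()      # registers holding data derived from a source
    tainted_mem: Set[str] = set()  # memory cells, named by the address register
                                   # (coarse: no alias analysis, no concrete addresses)
    findings: List[Tuple[int, str]] = []

    for pc, insn in enumerate(program):
        if insn.op == "input":                       # taint source
            tainted.add(insn.dst)

        elif insn.op in ("mov", "add", "sub", "xor"):
            # `xor r, r` is the idiomatic zeroing instruction: the result is a
            # constant regardless of the input, so it must clear taint, not copy it.
            if insn.op == "xor" and len(insn.srcs) == 2 and insn.srcs[0] == insn.srcs[1]:
                tainted.discard(insn.dst)
            elif any(s in tainted for s in insn.srcs):   # immediates are never tainted
                tainted.add(insn.dst)
            else:
                tainted.discard(insn.dst)            # overwritten with clean data

        elif insn.op == "load":                      # dst = mem[addr]
            (addr,) = insn.srcs
            if addr in tainted:
                findings.append((pc, f"tainted pointer read via {addr}"))
            if addr in tainted or addr in tainted_mem:
                tainted.add(insn.dst)
            else:
                tainted.discard(insn.dst)

        elif insn.op == "store":                     # mem[addr] = val
            addr, val = insn.srcs
            if addr in tainted:
                findings.append((pc, f"tainted pointer write via {addr}"))
            if val in tainted:
                tainted_mem.add(addr)
            else:
                tainted_mem.discard(addr)

        elif insn.op == "call":                      # call func(args...)
            func, *args = insn.srcs
            bad = [a for a in args if a in tainted]
            if func in sink_funcs and bad:
                findings.append((pc, f"tainted argument(s) {bad} to {func}"))
            if insn.dst is not None:
                tainted.discard(insn.dst)            # assume the return value is clean

        else:
            raise ValueError(f"unknown opcode {insn.op!r} at pc {pc}")

    return findings


# Constructed straight-line program: an attacker-controlled byte is used both as an
# array index (pc 5) and, after passing through memory, as a memcpy length (pc 8).
PROGRAM = [
    Insn("input", "r0"),                          # 0: r0 <- attacker-controlled byte
    Insn("mov",   "r1", ("16",)),                 # 1: r1 = 16
    Insn("add",   "r2", ("r0", "r1")),            # 2: r2 = r0 + 16
    Insn("mov",   "r3", ("4096",)),               # 3: r3 = buffer base
    Insn("add",   "r4", ("r3", "r2")),            # 4: r4 = base + attacker index
    Insn("store", None, ("r4", "r1")),            # 5: mem[r4] = 16    -> tainted pointer write
    Insn("store", None, ("r3", "r2")),            # 6: mem[r3] = r2    (tainted value, clean address)
    Insn("load",  "r5", ("r3",)),                 # 7: r5 = mem[r3]    -> taint flows through memory
    Insn("call",  None, ("memcpy", "r6", "r5")),  # 8: memcpy(r6, r5)  -> tainted length argument
    Insn("xor",   "r0", ("r0", "r0")),            # 9: r0 = 0, taint cleared
    Insn("call",  None, ("memcpy", "r6", "r0")),  # 10: clean argument, no finding
]
SINKS = {"memcpy", "strcpy", "system"}


def run_demo() -> List[Tuple[int, str]]:
    return taint_analyze(PROGRAM, SINKS)


if __name__ == "__main__":
    for pc, what in run_demo():
        print(f"pc {pc:2d}: {what}")
```

The sketch handles only straight-line code; branches, loops, implicit flows through control dependence, calling conventions and real memory addressing are exactly the parts a binary taint engine has to add on top of the lifted IR, and they are beyond this example.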
