Research on Cross-architecture Vulnerabilities Searching in Binary Executables

doi:10.3969/j.issn.1671-1122.2017.09.005

Netinfo Security ›› 2017, Vol. 17 ›› Issue (9): 21-25.doi: 10.3969/j.issn.1671-1122.2017.09.005

• Orginal Article • Previous Articles Next Articles

Research on Cross-architecture Vulnerabilities Searching in Binary Executables

Weiyang XU(), Yao LI, Yong TANG, Baosheng WANG

Department of Network Engineering, National University of Defense Technology, Changsha Hunan 410073, China

Received:2017-08-01 Online:2017-09-20 Published:2020-05-12

Abstract

Abstract:

During the development of computer software, the emergence of vulnerabilities can not be avoided. Thus, rapid identification of vulnerabilities is the key to protect the computer system. Most of the existing methods are based on source code, and the methods based on binary are only done on single instruction architecture. Because of the above problems, this paper proposes an efficient way to search vulnerabilities on binary level, which standardizes the assembly code of different instruction architecture, extracts features of vulnerabilities and binary executables, and finds the vulnerabilities of binary executables by using features matching algorithm. Experiments show that the method can accurately find the known vulnerabilities in the samples, such as the Heartbleed vulnerability in the OpenSSL library, the Rootkit vulnerabilities in the BusyBox and the back doors that exist in the router firmware.

Key words: binary matching, vulnerabilities searching, feature matching

CLC Number:

TP393

Weiyang XU, Yao LI, Yong TANG, Baosheng WANG. Research on Cross-architecture Vulnerabilities Searching in Binary Executables[J]. Netinfo Security, 2017, 17(9): 21-25.

Figures/Tables 8

References 10

[1]	PEWNY J, SCHUSTER F, BERNHARD L, et al.Leveraging Semantic Signatures for Bug Search in Binary Programs[C]//ACSAC. Annual Computer Security Applications Conference, December 8 - 12, 2014 ,New Orleans, Louisiana, USA . New York:ACM. 2014:406-415.
[2]	BOURQUIN M, KING A, ROBBINS E.Binslayer: Accurate Comparison of Binary Executables[C]//PPREW. ACM SIGPLAN Program Protection and Reverse Engineering Workshop, January 26, 2013. Rome, Italy. ITA:PPREW, 2013:1-10.
[3]	PEWNY J, GARMANY B, GAWLIK R, et al.Cross-Architecture Bug Search in Binary Executables[C]//IEEE. 36th IEEE Symposium on Security and Privacy (S&P), May 18-20, 2015. Fairmont, San Jose,CA. NJ:IEEE, 2015:709-724.
[4]	刘春红,郭涛,崔宝江,等. 二进制文件同源性检测的结构化相似度计算[J]. 北京邮电大学学报,2012,35(3):56-60.
[5]	王毅,唐勇,卢泽新,等. 恶意代码聚类中的特征选取[J]. 信息网络安全,2016(9):64-68.
[6]	DAVID Y, PARTUSH N, YAHAV E.Statistical Similarity of Binaries[J]. ACM Sigplan Conference on Programming Language Design & Implementation, 2016,51(6):266-280.
[7]	林佳萍,李晖,等. 安卓恶意软件检测研究综述[J]. 信息网络安全,2016(10):80-88.
[8]	LUO Lannan, MING Jiang, WU Dinghao, et al.Semantics-based Obfuscation-resilient Binary Code Similarity Comparison with Applications to Software Plagiarism Detection[C]//FSE. ACM SIGSOFT International Symposium on Foundations of Software Engineering, November 16 - 21, 2014 . Hong Kong, China. CHN:FSE, 2014:389-400.
[9]	彭建山,奚琪,王清贤,等. 二进制程序整型溢出漏洞的自动验证方法[J]. 信息网络安全,2017(5):14-21.
[10]	IDA. Pro - Interactive Disassembler[EB/OL]. , 2016-3-11.

Research on Cross-architecture Vulnerabilities Searching in Binary Executables

RichHTML

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 8

References 10

Related Articles 1

Recommended Articles

Metrics

Comments