Survey on Binary Code Security Techniques
Author:
Abstract:

In recent decades, computer hardware performance and software scale have changed beyond recognition, and software now underpins almost every aspect of social life and production. The rapid development of computer technology has also brought program security into focus. A large amount of legacy software on the market is unmaintained and lacks source code, so its security is a concern, and binary analysis techniques are used to address security problems in this kind of software. According to how they detect defects, these techniques can be classified as static binary code analysis, dynamic binary code analysis, and hybrid static-dynamic binary code analysis. This study reviews recent research in binary code security analysis, describes the main approaches within each of the three categories, and introduces their key techniques in detail.

Cite this article:

周忠君, 董荣朝, 蒋金虎, 张为华. Survey on Binary Code Security Techniques. 计算机系统应用 (Computer Systems & Applications), 2023, 32(1): 1-11

Article metrics
  • Page views: 1207
  • Downloads: 6302
  • HTML reads: 4932
  • Citations: 0
History
  • Received: 2022-03-30
  • Last revised: 2022-04-22
  • Published online: 2022-10-28
Copyright: Institute of Software, Chinese Academy of Sciences