Flaw function static detection method for executable

doi:10.3778/j.issn.1002-8331.2009.26.024

Computer Engineering and Applications ›› 2009, Vol. 45 ›› Issue (26): 81-84.DOI: 10.3778/j.issn.1002-8331.2009.26.024

• 网络、通信、安全 • Previous Articles Next Articles

Flaw function static detection method for executable

WANG Chun-lei^1,2，LIU Qiang²，ZHAO Gang^1,2，DAI Yi-qi¹

1.Department of Computer Science and Technology，Tsinghua University，Beijing 100084，China
2.Laboratory of Network，Beijing Institute of System Engineering，Beijing 100101，China

Received:2009-03-11 Revised:2009-04-24 Online:2009-09-11 Published:2009-09-11
Contact: WANG Chun-lei

可执行程序缺陷函数的静态检测方法

王春雷^1,2，刘强²，赵刚^1,2，戴一奇¹

1.清华大学计算机科学与技术系，北京 100084
2.北京系统工程研究所网络研究室，北京 100101

通讯作者: 王春雷

Abstract

Abstract: The detection of flaw functions in binary executables is an important technique for software vulnerability analysis.A flaw function detection method based upon the static analysis of executable is proposed.The foundation of this method is the signature theme of flaw functions in the form of binary instruction flow.This method establishes the set of potential function call sequences in the running process and constructs the function call graph by statically analyzing the binary executable，and detects the set of flaw functions the executable invoked by matching and analyzing the signatures of flaw functions with the function call graph.Experimental results demonstrate that the method is effective for detecting the flaw functions in executables，and is useful for further security analysis.

Key words: static analysis, function signature, bug detection

摘要： 可执行程序的缺陷函数检测是软件漏洞发现的重要技术手段之一。从二进制代码指令流的角度出发，研究了缺陷函数的签名机制，提出了一种基于可执行程序静态分析的缺陷函数检测方法。该方法通过静态分析应用程序的可执行代码，建立进程运行过程中可能的函数调用序列集合。以该集合为基础，通过对比分析缺陷函数签名，可以准确检测该程序调用的缺陷函数集合，以及分析可能导致的脆弱性。通过实验分析，验证了该方法对于缺陷函数检测的有效性。

关键词: 静态分析, 函数签名, 漏洞检测

CLC Number:

TP312

WANG Chun-lei^1,2，LIU Qiang²，ZHAO Gang^1,2，DAI Yi-qi¹. Flaw function static detection method for executable[J]. Computer Engineering and Applications, 2009, 45(26): 81-84.

王春雷^1,2，刘强²，赵刚^1,2，戴一奇¹. 可执行程序缺陷函数的静态检测方法[J]. 计算机工程与应用, 2009, 45(26): 81-84.

[1]	CHEN Yaoyang, CHEN Wei. Control Flow Obfuscation Technology Based on Implicit Jump [J]. Computer Engineering and Applications, 2021, 57(20): 125-132.
[2]	LIN Hongyang, PENG Jianshan, ZHAO Shibin, ZHU Junhu, XU Hang. Survey on JavaScript Engine Vulnerability Detection [J]. Computer Engineering and Applications, 2019, 55(11): 16-24.
[3]	CHEN Lu, MA Yuanyuan, SHI Congcong, LI Nige, LI Weiwei. Research on Android application security flaws static analysis technology [J]. Computer Engineering and Applications, 2018, 54(4): 117-121.
[4]	ZHAO Wei1，4, WANG Nan2, SU Xin3，4, ZHANG Boyun1. Android malware detection approach based on deep belief network [J]. Computer Engineering and Applications, 2018, 54(18): 125-132.
[5]	CHEN Qi1, JIANG Guoping2, XIA Lingling3. Homology analysis of malware based on function structure [J]. Computer Engineering and Applications, 2017, 53(14): 93-98.
[6]	SUN He1, WU Lifa1, HONG Zheng1, XU Mingfei2, ZHOU Shengli1，3. Research on function call graph based method for similarity analysis of binary files [J]. Computer Engineering and Applications, 2016, 52(21): 126-133.
[7]	DONG Yukun. Illegal computing defect detection by static analysis for C program [J]. Computer Engineering and Applications, 2016, 52(19): 31-36.
[8]	QIAN Yucun, PENG Guojun, WANG Ying, LIANG Yu. Homology analysis of malicious code and family clustering [J]. Computer Engineering and Applications, 2015, 51(18): 76-81.
[9]	YOU Feng, BIAN Yi, ZHAO Ruilian. Automatic string test data generation for EFSM model [J]. Computer Engineering and Applications, 2014, 50(16): 57-61.
[10]	WU Xiaojing. Data mining based on intelligent knowledge map for financial crisis early warning [J]. Computer Engineering and Applications, 2013, 49(24): 116-121.
[11]	JIN Jing1，2, LI Meng1，2, HUA Zhebang1，2, SONG Huaida1，2, ZHAO Junfeng1，2, XIE Bing1，2. Code function recognition approach based on LDA and static analysis [J]. Computer Engineering and Applications, 2013, 49(15): 27-31.
[12]	SI Haiping1, QIAO Hongbo1, HU Xiaohong1, CHEN Baogang1, CAO Yongsheng2. Study on program comprehension method based on use case diagram [J]. Computer Engineering and Applications, 2013, 49(14): 51-55.
[13]	XIA Yimin, WU Yuan, WU Feng, LIU Wenhua, LIN Laikuang. Study on simulation and mechanical properties of tunnel shield cutterhead [J]. Computer Engineering and Applications, 2013, 49(11): 248-251.
[14]	CHEN Jie. Weakest precondition based false alarms reducing for static analysis [J]. Computer Engineering and Applications, 2012, 48(33): 1-4.
[15]	WANG Zhaofei. Improvement on counter example generation in static barrier analysis [J]. Computer Engineering and Applications, 2011, 47(11): 23-25.

Flaw function static detection method for executable

可执行程序缺陷函数的静态检测方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics