基于可执行代码的漏洞检测技术

Executable based vulnerability detection

源代码和可执行代码之间存在语义差异,仅对源代码进行分析会遗漏隐藏在可执行代码里的漏洞。基于对漏洞模式的分析,通过结合静态反汇编分析、动态自动调试和基于函数特征的参数注入3种思想,本文设计并实现了一种直接基于可执行代码的安全漏洞检测原型工具。本文的检测原型工具在一组CVE(通用漏洞披露)benchmark以及两个真实的可执行程序上都检测到缓冲区溢出漏洞。实验结果表明,本文提出的"三位一体"检测方法能够直接用于检测可执行代码中的安全漏洞。

Since there are semantic differences between a source code and its executable code,analysis of only the source code may miss some vulnerabilities in the executable code.Typical vulnerability patterns were analyzed to design a security vulnerability detection tool to work directly on executables.The system combines static disassembly analysis,dynamic auto-debugging and function based argument injection.The tool successfully found buffer overflow vulnerabilities in both a CVE(common vulnerabilities & exposures) benchmark and two real executables.The results show that this detection method can be used to directly detect security vulnerabilities in executable codes.