Static Detection of Shared Object Loadings on Linux (Ubuntu 14.10)

Shared Object loading is an important mechanism for computer software development. It enables a program, to use its exported functionalities and link a Shared Object. Shared Object loading is a system by which a PC program are able to run at run-time, fill all collections in memory chunks, recall the all specified parameters and functions included in the library, and run those functions, and link the library from recollection. Static Detection of unsafe Shared Object loadings of software component is a technique used to achieve flexibility and modularity in software components. This paper presents the first static analysis technique aiming to detect all possible loading associated errors. The main challenge is how to estimate what Shared Object may be loaded at specific program locations. Our main subject is that all this information is determined locally from the Shared Object loading memory locations. In general, we determine all application and system software running in the system, then we compute all specific Shared Object loadings and by using static technique, we evaluate specific unsafe Shared Object components. For evaluation, we implemented our technique to detect malicious and unsafe component loadings on popular software application on Linux Platform Ubantu.

[1]  Mark Weiser,et al.  Program Slicing , 1981, IEEE Transactions on Software Engineering.

[2]  Thomas W. Reps,et al.  Analyzing Memory Accesses in x86 Executables , 2004, CC.

[3]  Joe D. Warren,et al.  The program dependence graph and its use in optimization , 1987, TOPL.

[4]  Arie van Deursen,et al.  A Systematic Survey of Program Comprehension through Dynamic Analysis , 2008, IEEE Transactions on Software Engineering.

[5]  Thomas W. Reps,et al.  Symbolic Analysis via Semantic Reinterpretation , 2009, SPIN.

[6]  Thomas W. Reps,et al.  Demand interprocedural dataflow analysis , 1995, SIGSOFT FSE.

[7]  David W. Binkley,et al.  Interprocedural slicing using dependence graphs , 1990, TOPL.

[8]  Olatunji Ruwase,et al.  A Practical Dynamic Buffer Overflow Detector , 2004, NDSS.

[9]  Dinakar Dhurjati,et al.  Backwards-compatible array bounds checking for C with very low overhead , 2006, ICSE.

[10]  Samuel T. King,et al.  Secure Web Browsing with the OP Web Browser , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[11]  Dawson R. Engler,et al.  KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs , 2008, OSDI.

[12]  Ian Goldberg,et al.  A Secure Environment for Untrusted Helper Applications ( Confining the Wily Hacker ) , 1996 .

[13]  Dawson R. Engler,et al.  EXE: automatically generating inputs of death , 2006, CCS '06.

[14]  Helen J. Wang,et al.  The Multi-Principal OS Construction of the Gazelle Web Browser , 2009, USENIX Security Symposium.

[15]  Harish Patil,et al.  Pin: building customized program analysis tools with dynamic instrumentation , 2005, PLDI '05.

[16]  Zhendong Su,et al.  Automatic detection of unsafe component loadings , 2010, ISSTA '10.

[17]  Jun Xu,et al.  Non-Control-Data Attacks Are Realistic Threats , 2005, USENIX Security Symposium.

[18]  Thomas W. Reps,et al.  Analyzing Stripped Device-Driver Executables , 2008, TACAS.

[19]  David W. Binkley,et al.  Precise executable interprocedural slices , 1993, LOPL.

[20]  Tibor Gyimóthy,et al.  Interprocedural static slicing of binary executables , 2003, Proceedings Third IEEE International Workshop on Source Code Analysis and Manipulation.

[21]  Stephen McCamant,et al.  Loop-extended symbolic execution on binary programs , 2009, ISSTA.

[22]  Thomas W. Reps,et al.  DIVINE: DIscovering Variables IN Executables , 2007, VMCAI.

[23]  Shai Halevi,et al.  Where Do You Want to Go Today? Escalating Privileges by Pathname Manipulation , 2010, NDSS.

[24]  James C. King,et al.  Symbolic execution and program testing , 1976, CACM.