The New Progress in the Research of Binary Vulnerability Analysis

Although vulnerability analysis based on source code has made significant progress, a large amount of software exists only as binary code, which makes research on binary vulnerability analysis all the more important. This paper presents an overview of binary vulnerability analysis frameworks. It classifies typical vulnerability analysis technologies into intermediate languages, taint analysis, symbolic execution, and fuzzing; classifies current frameworks according to these analysis technologies; summarizes the limitations of current frameworks; and designs a next-generation automatic binary vulnerability analysis framework. It then summarizes the core principles, process, and limitations of each analysis technology in next-generation frameworks, and discusses possible optimizations that could improve vulnerability analysis. This survey of binary vulnerability analysis can provide theoretical guidance for the future development of binary analysis.
