Hui Liu,Chongbin Zhang,Xiaomin Zhang

DOI: https://doi.org/10.3321/j.issn:1671-4512.2008.02.018

2008-01-01

Abstract:Model checking technology used widely in industrial designs was introduced into probable vulnerabilities finding in software. A system prototype is proposed to find vulnerabilities in source codes. Taking open-source operating system Linux as an example, a security property model was built for dropping privilege and creating files in this system, and this model was verified by various examples. The results show that the proposed method is a formal means that could prove the existence of vulnerabilities and automatically discover security vulnerabilities in software.

Yanmiao Zhang,Xiaoyu Ji,Yushi Cheng,Wenyuan Xu

DOI: https://doi.org/10.23919/ChiCC.2019.8866144

2019-01-01

Abstract:As a modern power transmission network, smart grid connects abundant terminal devices and plays an important role in our daily life. However, along with its growth are the security threats. Different from the separated environment previously, an adversary nowadays can destroy the power system by attacking its terminal devices. As a result, it's critical to ensure the security and safety of terminal devices. To achieve it, detecting the pre-existing vulnerabilities in the terminal program and enhancing its security, are of great importance and necessity. In this paper. we introduce Cker, a novel vulnerability detection tool for smart grid devices, which generates an program model based on device sources and sets rules to perform model checking. We utilize the static analysis to extract necessary information and build corresponding program models. By further checking the model with pre-defined vulnerability patterns, we achieve security detection and error reporting. The evaluation results demonstrate that our method can effectively detect vulnerabilities in smart devices with an acceptable accuracy and false positive rate. In addition, as Cker is realized by pure python. it can be easily scaled to other platforms.

唐卓椿,吴刚,帅建梅,孔德光

2008-01-01

Abstract:Introduce model checking method to vulnerability analysis of executables.This paper formally modeled binary executables,then adapted model checking technology to verify security properties of executables,and developed a useful model checker.Memory leak and stack buffer overflow vulnerability as example properties,were abstracted to temporal logic formula,and then model checker verified whether the properties are satisfiable.The checking result as expected are sound and prove that bounded model checking is an effective static analysis method.

Liu Xin,Cai Wandong

DOI: https://doi.org/10.1109/iccsn.2011.6013559

2011-01-01

Abstract:In this article we address program errors, and through the static code analysis. First, we use inter-procedural based on analysis and blunt insensitive vulnerability testing model, — extracted from the source code. Second, we use of model checking to solve the model. In addition, we do alias analysis method is correct and accuracy testing model. This paper proposed concepts are aimed at those general class buffer of those loopholes and can be applied to the detection of buffer overrun vulnerabilities types such as format string of attacks, and the test code injection. In order to evaluate the effectiveness of CodeAuditor, use the tool to detect the loophole few C affinity grams. We take six open source applications as a test. Experimental results show that, 18 previously unknown vulnerabilities in six open source applications have found our tools. The observation is false positives in about 23%.

Jinxin Zhong -,Wenqing Fan -,Jing An -,Miao Zhang -,Yixian Yang -

DOI: https://doi.org/10.4156/jdcta.vol6.issue4.15

2012-01-01

International Journal of Digital Content Technology and its Applications

Abstract:Nowadays, Vulnerability exploiting has become a major means of malicious code communication. In order to solve the problem that polymorphic and metamorphic vulnerability exploit variants is difficult to detect, it presents a method of detecting vulnerability exploits based on binary behavior analysis in this paper. The method track and monitor the memory and register changes the binary file's behavior results, and have a formal verification on application's behavior through intermediate‐level language. In this paper, we examine the performance of binary analysis by taking two sets of experiments for separate targets, one is 13 local file vulnerabilities, the other is web browser vulnerabilities. The results show that the exploits detection method based on binary behavior analysis can be effectively used for analysis and detection of the vulnerabilities, also with significantly reduced time and space complexity.

Lei Wang,Qiang Zhang,Peng Zhao

DOI: https://doi.org/10.1109/SCAM.2008.24

2008-10-03

Abstract:Ensuring the correctness and reliability of software systems is one of the main problems in software development. Model checking, a static analysis method, is preponderant in improving the precision of vulnerabilities detection. However, when applied to buffer overflow and other bugs, it is hard to automatically construct the model for detecting the vulnerabilities. To address this problem we propose an approach that combines constraint based analysis and model checking together. We trace the memory size of buffer-related variables and instrument the code with corresponding constraint assertions before the potential vulnerable points by constraint based analysis. Then the problem of detecting vulnerabilities is converted into the problem of detecting vulnerabilities to verifying the reach ability of these assertions by model checking. In order to reduce the cost of model checking, program slicing is introduced to reduce the code size. CodeAuditor is a prototype implementation of our approach. With CodeAuditor, several yet unreported vulnerabilities are discovered in several open source software, and the performance is shown to be improved significantly with the help of program slicing.

Computer Science

Jian-min SU,Tuan XU,Ying WANG,Bao-jiang CUI,Lan Jiang,Wei-lian SUN

DOI: https://doi.org/10.3321/j.issn:0372-2112.2009.11.008

2009-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:We present a systems engineering method to analyze software vulnerabilities.We constructed the relational structure of software systems with software elements through the function of semantic relations between them at run time, in which the dynamic operation processes of software are quantified by the semantic relations based on the common natures of languages. Using the structure, we built a mathematical model to describe the property of software transfer states during their operational processes upon calculus of variation S-rough sets. Within the model,systems of transfer equations are established to compute the transfer operation of software elements,from which we deduced the stochastic-probability eigenvalues of software structures to certain constants. By analyzing software structures' vulnerabilities, we dealt with the derivation of formulas that calculate attack surface and measure software credibility, and proposed rules to control software vulnerabilities actively and develop programming specifications completely. To verify the methodology this paper presents, two open source software were tested, and experimental data were analyzed systematically.

XU You-fu,WEN Wei-ping,WAN Zheng-su

DOI: https://doi.org/10.3969/j.issn.1671-1122.2011.08.026

2011-01-01

Abstract:The paper though studying automata theory, proposed a vulnerability-based model checking Mining vulnerability theory, as the bulk discover unknown vulnerabilities to provide a theoretical basis.

XU Tuan,QU Lei-lei,SHI Wen-chang

DOI: https://doi.org/10.11959/j.issn.2096-109x.2017.00200

2017-01-01

Abstract:Aiming at the shortcomings of the existing methods to detect the security flaws that have complex structures,a new analysis model and its application method was proposed.First,analysis models based on key information of code structures extracted from path subsets of characteristic element sets that are generated by source code element sets of code security flaws were constructed.Then the analysis model according to the statistical probability of each kind of IR statement was calculated,and the IR code group which matched the feature model was found.Finally,through the translating relation between binary codes and IR codes,various code security flaws of binary program were found out.The analysis models can be applied to both common single-process binary programs and binary parallel programs.Experimental results show that compared with the existing methods,the application of the analysis model can be more comprehensive and in-depth in detecting various types of complex binary code security flaws with higher accuracy.

Keqin Li

DOI: https://doi.org/10.1109/ICSTW.2010.23

2010-01-01

Abstract:Security in code level is an important aspect to achieve high quality software. Various security programming guidelines are defined to improve the quality of software code. At the same time, enforcing mechanisms of these guidelines are needed. In this paper, we use source code model checking technique to check whether some security programming guidelines are followed, and correspondingly to detect related security vulnerabilities. Two SAP security programming guidelines related to logging sensitive information and Cross-Site Scripting attack are used as examples. In the case studies, Bandera Tool Set is used as source code model checker, and minimizing programmers' additional effort is set as one of the goals.

Tiantian Tan,Baosheng Wang,Zhou Xu,Yong Tang

DOI: https://doi.org/10.1007/978-3-030-00009-7_25

2018-01-01

Abstract:Although vulnerability analysis based on source code has achieved a significant progress, large numbers of software exist in binary code, research of binary vulnerability analysis is more important. This paper presented an overview of the field of binary vulnerability analysis framework, classified typical vulnerability analysis technologies into intermediate language, taint analysis, symbolic execution, and fuzzing, classified current framework based on typical analysis technologies, summarized limitations of current framework and design a next generation automatic binary vulnerability analysis framework, and then we summarized the core principles, process, and limitations of each analysis technology in next generation frameworks, and discussed possible optimizations that could improved vulnerability analysis. This survey on binary vulnerability analysis can provide theoretical guidance for the development of the future binary analysis.

TIAN Shuo,LIANG Hong-liang

DOI: https://doi.org/10.3969/j.issn.1002-137X.2009.07.002

2009-01-01

Computer Science

Abstract:A survey of static analysis methods for binary code vulnerabilities was provided.Based on summing up exis-ting static detect methods for vulnerabilities,the general procedural of binary static analysis was modeled,and transforming program information into expressive and generic intermediate representation was regarded as the key component of the analysis and as a important research direction.

JiaJing Li,Tao Wei,Jian Mao

2007-01-01

Abstract:Two research results of temporal vulnerabilities in x86 executables were giveded. First two new models of temporal vulnerabilities were presented; secondly a method of building pushdown automata for executables was given. Experiments showed the method was effective to verify and find temporal vulnerabilities in x86 executables.

Yang Cao,Yunwei Dong,Xiaomin Wei,Xiao Wu

DOI: https://doi.org/10.1109/QRS-C.2019.00080

2019-01-01

Abstract:In the system architecture design phase, there may be flaws introduced by the access control design. The flaws make the system design vulnerable. Vulnerabilities that are not detected during the design phase will be taken to the subsequent phases of the system development. This reduces system security and leads to more repair cost. In order to detect the access control flaws in the design phase as early as possible, we propose the security analysis method using Architecture Analysis and Design Language (AADL). This method analyzes the access control policies between components. It can analyze and detect the access control flaws in the AADL architecture model. For describing the access control policies, vulnerability model annex is created. We use a case study, based on a module from an aircraft intelligent information system, to introduce the application of modeling and analysis methods.

Qiang Liu,Hua Chen,Yan Wen,Xiang Li

DOI: https://doi.org/10.1109/MSN.2011.81

2011-01-01

Abstract:The misuse of flaw functions is one of the key reasons causing software vulnerabilites. In our study, this type of vulnerability is termed as MFFV (Vulnerability of Flaw Function Misusing). In this paper, we propose a novel framework for analyzing the flaw function heuristic vulnerabilities. In this framework, the procedure to analyze MFFV is composed of three stages: firstly, MFFV pre-analysis engine builds the intermediate representation via reverse engineering technique, and meanwhile the flaw functions are identified according to the function signature technology. Secondly, MFFV analysis engine picks up the suspicious hot points, and attaches a label to each of them. The label records the code slice, flaw function information and context. In the third stage, MFFV scheduler invokes a series of related checkers to perform precise checks on all the hot points. Besides, we implement a prototype to verify the feasibility of our proposed framework.

Xiang Du,Liangze Yin,Peng Wu,Liyuan Jia,Wei Dong

DOI: https://doi.org/10.1109/QRS-C51114.2020.00019

2020-01-01

Abstract:Checkers design is a main step for static analysis of different vulnerabilities. This paper focuses on static analysis on code property graph, which combines abstract syntax tree, control flow graph, and program dependence graph. Developing checkers on code property graph directly is usually complex and difficult. In this paper, we have analyzed a large number of checkers of different vulnerabilities, and extracted those most commonly used operations as a set of interfaces. We have implemented these interfaces and developed a set of vulnerability checkers based on them. The practical efficacy of these checkers are evaluated on the Linux kernel source code. Experimental results show that our proposed interfaces are strong enough to express most vulnerabilities and our implementation is effective for vulnerabilities detection.

Lian Yu,Shi-Zhong Wu,Tao Guo,Guo-Wei Dong,Cheng-Cheng Wan,Yin-Hang Jing

DOI: https://doi.org/10.1007/978-3-642-25243-3_27

2011-01-01

Abstract:Static analysis technologies and tools have been widely adopted in detecting software bugs and vulnerabilities. However, traditional approaches have their limitations on extensibility and reusability due to their methodologies, and are unsuitable to describe subtle vulnerabilities under complex and unaccountable contexts. This paper proposes an approach of static analysis based on ontology model enhanced by program slicing technology for detecting software vulnerabilities. We use Ontology Web Language (OWL) to model the source code and Semantic Web Rule Language (SWRL) to describe the bug and vulnerability patterns. Program slicing criteria can be automatically extracted from the SWRL rules and adopted to slice the source code. A prototype of security vulnerability detection (SVD) tool is developed to show the validity of the proposed approach.

J. Vadayath,Kyle Zeng,Christophe Hauser,Ruoyu Wang,Y. Fratantonio,Tiffany Bao,Adam Doupé,Nicolaas Weideman,Yan Shoshitaishvili,Moritz Eckert,Gokulkrishna Praveen Menon,D. Balzarotti

Abstract:In spite of their effectiveness in the context of vulnerability discovery, current state-of-the-art binary program analysis approaches are limited by inherent trade-offs between accuracy and scalability. In this paper, we identify a set of vulnerability properties that can aid both static and dynamic vulnerability detection techniques, improving the precision of the former and the scalability of the latter. By carefully integrating static and dynamic techniques, we detect vulnerabilities that exhibit these properties in real-world programs at a large scale. We implemented our technique, making several advancements in the analysis of binary code, and created a prototype called A RBITER . We demonstrate the effectiveness of our approach with a large-scale evaluation on four common vulnerability classes: CWE-131 (Incorrect Calculation of Buffer Size), CWE-252 (Unchecked Return Value), CWE-134 (Un-controlled Format String), and CWE-337 (Predictable Seed in Pseudo-Random Number Generator). We evaluated our approach on more than 76,516 x86-64 binaries in the Ubuntu repositories and discovered new vulnerabilities, including a flaw inserted into programs during compilation.

Computer Science

HU Chaojian,ZHANG Jia,LI Zhoujun,SHI Zhiwei,ZHANG Yan

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.z2.017

2009-01-01

Abstract:Since there are semantic differences between a source code and its executable code, analysis of only the source code may miss some vulnerabilities in the executable code.Typical vulnerability patterns were analyzed to design a security vulnerability detection tool to work directly on executables.The system combines static disassembly analysis, dynamic auto-debugging and function based argument injection.The tool successfully found buffer overflow vulnerabilities in both a CVE (common vulnerabilities & exposures) benchmark and two real executables.The resuIts show that this detection method can be used to directly detect security vulnerabilities in executable codes.

Yuelei XIAO,Zhixiang ZHU,Yong ZHANG

DOI: https://doi.org/10.13682/j.issn.2095-6533.2015.05.003

2015-01-01

Abstract:By analyzing the process of security protocols,the definition of driving module (DM) is introduced,and then regular and penetrator DMs are formed according to the Strand Space Model (SSM).Based on this,a DM-based model checking method is proposed.Theoretical analysis indicates that this method is prefect in terms of searching breadth and depth,and can avoid the state space explosion problem.Therefore,this method can be used not only to get the attack scenarios of a flawed security protocol,but also to prove that an unflawed security protocol is secure.Moreover,the Otway-Rees protocol and the TLS protocol are analyzed based on this method.As a result,various attack scenarios of the Otway-Rees protocol are discovered and two secure improved Otway-Rees protocols are put forward,and therefore the TLS protocol is proved to be secure.