WANG Chun-lei,LIU Qiang,ZHAO Gang,DAI Yi-qi

DOI: https://doi.org/10.3969/j.issn.1002-137X.2010.04.031

2010-01-01

Computer Science

Abstract:In order to analyze vulnerabilities in executable programs,a vulnerability analysis framework for binaries based upon model checking was proposed.Firstly,the abstract model of binary was defined,and the formal models of vulnerabilities based upon finite state automaton and the representations of software security attributes based upon event system were described.Then,the model checking based vulnerability analysis process and algorithm were proposed with respect to the abstract models of binaries and the security attributes to be checked.After that,the prototype of vulnerability analysis tool was designed and implemented based upon the framework.The illustrative sample program was analyzed to show in detail the principles of the framework,and the experimental results show the effectiveness of the analysis method.

Jian-min SU,Tuan XU,Ying WANG,Bao-jiang CUI,Lan Jiang,Wei-lian SUN

DOI: https://doi.org/10.3321/j.issn:0372-2112.2009.11.008

2009-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:We present a systems engineering method to analyze software vulnerabilities.We constructed the relational structure of software systems with software elements through the function of semantic relations between them at run time, in which the dynamic operation processes of software are quantified by the semantic relations based on the common natures of languages. Using the structure, we built a mathematical model to describe the property of software transfer states during their operational processes upon calculus of variation S-rough sets. Within the model,systems of transfer equations are established to compute the transfer operation of software elements,from which we deduced the stochastic-probability eigenvalues of software structures to certain constants. By analyzing software structures' vulnerabilities, we dealt with the derivation of formulas that calculate attack surface and measure software credibility, and proposed rules to control software vulnerabilities actively and develop programming specifications completely. To verify the methodology this paper presents, two open source software were tested, and experimental data were analyzed systematically.

TIAN Shuo,LIANG Hong-liang

DOI: https://doi.org/10.3969/j.issn.1002-137X.2009.07.002

2009-01-01

Computer Science

Abstract:A survey of static analysis methods for binary code vulnerabilities was provided.Based on summing up exis-ting static detect methods for vulnerabilities,the general procedural of binary static analysis was modeled,and transforming program information into expressive and generic intermediate representation was regarded as the key component of the analysis and as a important research direction.

An Xifeng,Li Weihua,Pan Wei

DOI: https://doi.org/10.1109/ISKE.2008.4730998

2008-01-01

Abstract:Through comprehensive analysis of software security vulnerability, a novel vulnerability detecting method based on similar characteristic is proposed in this paper. The method aims at C Code security detection. Based on Case-based Reasoning technology, the method performs similarity matching between security characteristic of source code and the characteristic of known security vulnerabilities, and calculates the similarity to determine if the code has security vulnerabilities. The experiments demonstrate that the presented method can effectively improve the veracity and efficiency of vulnerability detection. And it solves the problems that current detecting methods based on rule-matching cannot rapidly and accurately handle the large-scale legacy software and structurecomplicated software. Furthermore, the definition and selection of threshold also improves the adaptability and agility of detecting method. © 2008 IEEE.

SUN Ming,GU Da-wu,LI Juan-ru,LUO Yu-hao

DOI: https://doi.org/10.3969/j.issn.1001-3695.2012.02.068

2012-01-01

Abstract:Static binary analysis methods cannot meet the demand for malicious code analysis,and the traditional dynamic analysis approaches cannot effectively find the critical information among the huge amount of dynamic binary code.This paper gave a kind of differential analysis approach on dynamic binary code and provided its model and method.This approach could effectively extract the sensitive information from malicious code and make the function module or data spread understood.Finally,it provided an experiment based on differential binary analysis system,which validated the capability and efficiency of the approach.

Xiaobing Liang,Baojiang Cui,Yingjie Lv,Yilun Fu

DOI: https://doi.org/10.1109/imis.2015.40

2015-01-01

Abstract:The security defect detection technology based on source code usually makes use of static analysis methods to detect security vulnerabilities in the test software, which does not consider the runtime information of program execution and the interaction information with the program runtime surrounding environment, so the security defect detection technology based on source code usually results in higher false positive rate. The binary program vulnerability detection methods based upon dynamic analysis usually have lower false positive rate, but their effectiveness depends entirely on test case generation, the detection efficiency of dynamic analysis based on binary program is lower. Moreover, the research of source code vulnerability detection technique and binary executable vulnerability detection technique are essentially fragmented, without considering the relationship between the two classes of methods. In order to improve the efficiency for source code and binary executables vulnerability detection, we presents a collaborative analysis method for vulnerability detection of source code and binary executables based upon the unified defect mode set, meanwhile, we verify the effectiveness of our method using a concrete example in this paper.

Yang Cao,Yunwei Dong,Xiaomin Wei,Xiao Wu

DOI: https://doi.org/10.1109/QRS-C.2019.00080

2019-01-01

Abstract:In the system architecture design phase, there may be flaws introduced by the access control design. The flaws make the system design vulnerable. Vulnerabilities that are not detected during the design phase will be taken to the subsequent phases of the system development. This reduces system security and leads to more repair cost. In order to detect the access control flaws in the design phase as early as possible, we propose the security analysis method using Architecture Analysis and Design Language (AADL). This method analyzes the access control policies between components. It can analyze and detect the access control flaws in the AADL architecture model. For describing the access control policies, vulnerability model annex is created. We use a case study, based on a module from an aircraft intelligent information system, to introduce the application of modeling and analysis methods.

Yuelei XIAO,Zhixiang ZHU,Yong ZHANG

DOI: https://doi.org/10.13682/j.issn.2095-6533.2015.05.003

2015-01-01

Abstract:By analyzing the process of security protocols,the definition of driving module (DM) is introduced,and then regular and penetrator DMs are formed according to the Strand Space Model (SSM).Based on this,a DM-based model checking method is proposed.Theoretical analysis indicates that this method is prefect in terms of searching breadth and depth,and can avoid the state space explosion problem.Therefore,this method can be used not only to get the attack scenarios of a flawed security protocol,but also to prove that an unflawed security protocol is secure.Moreover,the Otway-Rees protocol and the TLS protocol are analyzed based on this method.As a result,various attack scenarios of the Otway-Rees protocol are discovered and two secure improved Otway-Rees protocols are put forward,and therefore the TLS protocol is proved to be secure.

李广旭,李伟华,潘炜,史豪斌

DOI: https://doi.org/10.3778/j.issn.1002-8331.2008.32.019

2008-01-01

Computer Engineering and Applications Journal

Abstract:A program structure parsing model for binary file reverse analysis is presented.The model disassembles a binary file to generate a corresponding assembly file,eliminates redundant information from the assembly file,and then statically analyzes the assembly file to construct basic blocks with index-dependent information.It extracts control flow and function call information of binary file based on basic blocks,and creates control flow and function call graphs.The model does not depend on source code, but shows better practicability and generality.Our experiments demonstrate that the proposed model has a high accuracy in pars- ing program structure of binary file.

Wang Chunlei,Zhao Gang,Dai Yiqi

DOI: https://doi.org/10.1109/ICCSIT.2009.5234950

2009-01-01

Abstract:This paper proposes a control flow based security analysis approach for binary executables. Through deeply investigating the theory of control flow security, we develop the Control Flow Security Model (CFSM) which includes the formal definitions for program semantics and security properties for control flow. CFSM specifies that program execution dynamically follows only certain paths, in accordance with a statically declared security properties specified as Control Flow Constraint Specification (CFCS). We have proposed an efficient control flow security analysis algorithm for verifying that a particular control flow model satisfies the associated security properties. Our work contributes to bridging the gap between abstract specifications of control flow security properties and actual control flow security analysis for binary executables. The effectiveness and the practical usefulness of the approach are exemplified by an illustrative analysis of heap overflow vulnerability.

梁婕,张淼,徐国爱,杨义先

2008-01-01

Abstract:This paper introduced some current static analysis methods in source code,after comparing their advantage and disadvantage,gave a new model of static analysis.Based on current analysis methods,the new model gets data information in context by data flow analysis and control flow analysis which are often referred in compiler,and therefore security problems can be found more exactly.

Tiantian Tan,Baosheng Wang,Zhou Xu,Yong Tang

DOI: https://doi.org/10.1007/978-3-030-00009-7_25

2018-01-01

Abstract:Although vulnerability analysis based on source code has achieved a significant progress, large numbers of software exist in binary code, research of binary vulnerability analysis is more important. This paper presented an overview of the field of binary vulnerability analysis framework, classified typical vulnerability analysis technologies into intermediate language, taint analysis, symbolic execution, and fuzzing, classified current framework based on typical analysis technologies, summarized limitations of current framework and design a next generation automatic binary vulnerability analysis framework, and then we summarized the core principles, process, and limitations of each analysis technology in next generation frameworks, and discussed possible optimizations that could improved vulnerability analysis. This survey on binary vulnerability analysis can provide theoretical guidance for the development of the future binary analysis.

MAO Chen-xiao,LUO Wen-jian,WANG Xu-fa

DOI: https://doi.org/10.3969/j.issn.1000-1220.2006.07.016

2006-01-01

Abstract:A security protocol implemented with an improper cryptosystem may have cryptosystem-related flaws.It is difficult to analyze this kind of flaws because the perfect encryption hypothesis cannot be used.CKT5 logic is extended.Focused on the symmetric key cryptography,the properties of the stream cipher and the block cipher are introduced into the logical framework of CKT5 in the form of logical inference rules,which make the extended logic to be capable to analyze the cryptosystem-related flaws.An example is given to illustrate how to use the extended logic to analyze the cryptosystem-related flaws.

Xiaohua Li,Gang Wang,Lin Xiao,Maosheng Ding

DOI: https://doi.org/10.1109/TDC.2005.1547134

2005-01-01

Abstract:This paper gives a new more practical software reliability model based on architectures of software components. This model uses semi-Markov chain and can give the quantitative evaluation about the digital protection's software. It analyzes the relation between the material architecture of software's modules and the reliability of software, then changes the model into a semi-Markov one based on the architecture of software's modules. Besides having the characters of the former model, this one have the ability to emulate the reliability in the situation which is the software having complex architecture or the system having the capability about paratactic calculating. Furthermore, the variable parameter method is used to study the sensitivity in order to find the vital factors of reliability. An example is given to demo the proposed techniques. The calculation results prove that the algorithm is viable. © 2005 IEEE.

Dan Han,Yanhui Guo,Yixian Yang

DOI: https://doi.org/10.19335/j.cnki.2095-6649.2012.10.004

2012-01-01

Abstract:The existing information systems risk assessment methodologies which concern about the safety analysis of the various components of the system, are lacking in grasp of the overall system security features. With the maturing of complex network theory, more and more researchers take advantage of this theory to solve structural analysis problems of reality system. In this article, the complex network theory has been applied to the field of structural risk analysis of complexity information systems. In order to analyses structural vulnerability of complex information systems, there do some research on connectivity and efficacy of the Information systems network. By study of the network traffic, which is the unique characteristic of information network system, this method makes up for the one-sidedness of the Universal complex network theory in evaluate efficacy of network. At the same time, it fills the blank in research of overall structure vulnerability of the information system.

Liu Xin,Cai Wandong

DOI: https://doi.org/10.1109/iccsn.2011.6013559

2011-01-01

Abstract:In this article we address program errors, and through the static code analysis. First, we use inter-procedural based on analysis and blunt insensitive vulnerability testing model, — extracted from the source code. Second, we use of model checking to solve the model. In addition, we do alias analysis method is correct and accuracy testing model. This paper proposed concepts are aimed at those general class buffer of those loopholes and can be applied to the detection of buffer overrun vulnerabilities types such as format string of attacks, and the test code injection. In order to evaluate the effectiveness of CodeAuditor, use the tool to detect the loophole few C affinity grams. We take six open source applications as a test. Experimental results show that, 18 previously unknown vulnerabilities in six open source applications have found our tools. The observation is false positives in about 23%.

Jinxin Zhong -,Wenqing Fan -,Jing An -,Miao Zhang -,Yixian Yang -

DOI: https://doi.org/10.4156/jdcta.vol6.issue4.15

2012-01-01

International Journal of Digital Content Technology and its Applications

Abstract:Nowadays, Vulnerability exploiting has become a major means of malicious code communication. In order to solve the problem that polymorphic and metamorphic vulnerability exploit variants is difficult to detect, it presents a method of detecting vulnerability exploits based on binary behavior analysis in this paper. The method track and monitor the memory and register changes the binary file's behavior results, and have a formal verification on application's behavior through intermediate‐level language. In this paper, we examine the performance of binary analysis by taking two sets of experiments for separate targets, one is 13 local file vulnerabilities, the other is web browser vulnerabilities. The results show that the exploits detection method based on binary behavior analysis can be effectively used for analysis and detection of the vulnerabilities, also with significantly reduced time and space complexity.

WANG Chun-lei,LIU Qiang,ZHAO Gang,DAI Yi-qi

DOI: https://doi.org/10.3778/j.issn.1002-8331.2009.26.024

2009-01-01

Abstract:The detection of flaw functions in binary executables is an important technique for software vulnerability analysis.A flaw function detection method based upon the static analysis of executable is proposed.The foundation of this method is the signature theme of flaw functions in the form of binary instruction flow.This method establishes the set of potential function call sequences in the running process and constructs the function call graph by statically analyzing the binary executable,and detects the set of flaw functions the executable invoked by matching and analyzing the signatures of flaw functions with the function call graph.Experimental results demonstrate that the method is effective for detecting the flaw functions in executables,and is useful for further security analysis.

CHEN Chao,LI Jun,KONG De-guang,SHUAI Jian-mei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2008.15.019

2008-01-01

Abstract:Introduce model checking method to built model for binary executable,develop a useful model checker.This paper produces a finite state machine,which is used to model a normal malicious binary executable,then make use of model checker to check obfuscated binary executable.If obfuscated binary executable can be identified by finite state machine,this binary executable is malicious executable.The experiment result shows model checking for obfuscated binary executable is an effective static analysis method and can check out some obfuscated binary executable.

Ge Yi,Huang Wenchao,Xiong Yan

DOI: https://doi.org/10.19734/j.issn.1001-3695.2022.08.0446

2023-01-01

Abstract:With the development of formal analysis technology of security protocols, automatic verification using tools has been realized, but modeling still needs to rely on manual modeling by professionals, which is difficult and costly and limits the further spread of formal analysis technology.In order to improve the automation of formal modeling, this paper proposed a scheme of formal assistant modeling based on security protocol code.Firstly, the method used taint analysis to obtain communication processes and record the cryptographic primitive operations.Then, it constructed the protocol communication state machine according to the sequential relationship between communication processes.Finally, it generated a formal model according to the syntax of Tamarin, a mainstream formal analysis tool for security protocols.Experimental results show that this scheme can gene-rate the key parts of the formal model and improves the degree of automation of the formal modeling, which contributes to the spread of formal analysis technology.