TANG He-ping,HUANG Shu-guang,ZHANG Liang

2010-01-01

Abstract:Software vulnerabilities have become an omnipresent and dangerous threat to network security.Vulnerability Exploits Detection is proposed to take active defense measures to monitor system state and cut exploit data sources off or terminate program execution before exploitation.Taint analysis for vulnerability exploits detection is composed of taint propagation link,taint propagation,taint analysis and taint track.A Vulnerability exploits detection prototype system was implemented by emulator and many optimization mechanisms.In contrast to the experiment result of other taint analysis systems,our prototype system has higher accuracy and vulnerability exploits coverage.

Yanmiao Zhang,Xiaoyu Ji,Yushi Cheng,Wenyuan Xu

DOI: https://doi.org/10.23919/ChiCC.2019.8866144

2019-01-01

Abstract:As a modern power transmission network, smart grid connects abundant terminal devices and plays an important role in our daily life. However, along with its growth are the security threats. Different from the separated environment previously, an adversary nowadays can destroy the power system by attacking its terminal devices. As a result, it's critical to ensure the security and safety of terminal devices. To achieve it, detecting the pre-existing vulnerabilities in the terminal program and enhancing its security, are of great importance and necessity. In this paper. we introduce Cker, a novel vulnerability detection tool for smart grid devices, which generates an program model based on device sources and sets rules to perform model checking. We utilize the static analysis to extract necessary information and build corresponding program models. By further checking the model with pre-defined vulnerability patterns, we achieve security detection and error reporting. The evaluation results demonstrate that our method can effectively detect vulnerabilities in smart devices with an acceptable accuracy and false positive rate. In addition, as Cker is realized by pure python. it can be easily scaled to other platforms.

Wei Pan,Weihua Li

DOI: https://doi.org/10.1109/ispa.2009.73

2009-01-01

Abstract:In information era advocating ubiquitous computing, computing resources are susceptible to attack without guaranteeing security of network system. It is necessary and desirable for network system to employ powerful safeguard to protect itself against diversified vulnerabilities. In this paper, we present reverse analysis and vulnerability detection for network system software (RAVDNSS), a novel approach which uses reverse analysis and vulnerability detection technologies to deal with security problems on critical network system. Adaptive reverse analysis we propose is used to dig out potential vulnerabilities, which might be abused by unauthorized and unlawful communities. A new vulnerability detection model is designed to provide safety precautions through detecting vulnerabilities and monitoring program behaviors. Our investigation aims to improve the ability to guard network system against malicious attacks. The proposed schemes demonstrate that our approach can effectively perform security detection and management of network system software.

Heping Tang,Shuguang Huang,Yongliang Li,Lei Bao

DOI: https://doi.org/10.1109/ICCET.2010.5485224

2010-01-01

Abstract:Untrusted Data originating from network input and configuration files, causes many software security problems. Keeping track of the propagation of untrusted data in program runtime is the main idea of dynamic taint analysis for vulnerability exploits detection. In this method data from network user input and configuration files were labeled as taint. In virtue of data flow analysis we design taint propagating algorithm, and define several taint detection policies for security-critical function which used taint data in dangerous ways that could cause vulnerability exploit. A vulnerability exploit detection prototype system was implemented. In contrast to other taint analysis systems, our prototype system has higher accuracy and vulnerability exploits coverage and low workloads.

Ruoyu Zhang,Shiqiu Huang,Zhengwei Qi,Haibing Guan

DOI: https://doi.org/10.1016/j.camwa.2011.08.001

IF: 3.218

2012-01-01

Computers & Mathematics with Applications

Abstract:The evolution of computer science has exposed us to the growing gravity of security problems and threats. Dynamic taint analysis is a prevalent approach to protect a program from malicious behaviors, but fails to provide any information about the code which is not executed. This paper describes a novel approach to overcome the limitation of traditional dynamic taint analysis by integrating static analysis into the system and presents framework SDCF to detect software vulnerabilities with high code coverage. Our experiments show that SDCF is not only able to provide efficient runtime protection by introducing an overhead of 4.16× based on the taint tracing technique, but is also capable of discovering latent software vulnerabilities which have not been exploited, and achieve code coverage of more than 90%.

Weina Niu,Xiaosong Zhang,Xiaojiang Du,Lingyuan Zhao,Rong Cao,Mohsen Guizani

DOI: https://doi.org/10.1016/j.measurement.2019.107139

IF: 5.6

2019-01-01

Measurement

Abstract:Computer system vulnerabilities, computer viruses, and cyber attacks are rooted in software vulnerabilities. Reducing software defects, improving software reliability and security are urgent problems in the development of software. The core content is the discovery and location of software vulnerability. However, traditional human experts-based approaches are labor-consuming and time-consuming. Thus, some automatic detection approaches are proposed to solve the problem. But, they have a high false negative rate. In this paper, a deep learning based static taint analysis approach is proposed to automatically locate Internet of Things (IoT) software vulnerability, which can relieve tedious manual analysis and improve detection accuracy. Deep learning is used to detect vulnerability since it considers the program context. Firstly, the taint from the difference file between the source program and its patched program selection rules are designed. Secondly, the taint propagation paths are got using static taint analysis. Finally, the detection model based on two-stage Bidirectional Long Short Term Memory (BLSTM) is applied to discover and locate software vulnerabilities. The Code Gadget Database is used to evaluate the proposed approach, which includes two types of vulnerabilities in C/C++ programs, buffer error vulnerability (CWE-119) and resource management error vulnerability (CWE-399). Experimental results show that our proposed approach can achieve an accuracy of 0.9732 for CWE-119 and 0.9721 for CWE-399, which is higher than that of the other three models (the accuracy of RNN, LSTM, and BLSTM is under than 0.97) and achieve a lower false negative rate and false positive rate than the other approaches. (C) 2019 Published by Elsevier Ltd.

唐和平,黄曙光,张亮

DOI: https://doi.org/10.3969/j.issn.1002-137x.2010.07.036

2010-01-01

Computer Science

Abstract:Untrusted data originating from network user input and configuration files,causes many software security problems,when operated by security-critical function without strict data validation.Keeping track of the propagation of untrusted data is the main idea of dynamic taint analysis for vulnerability exploits detection.Data derived from network user input and configuration files were labeled as taint.Executed taint propagating algorithm by virtue of data flow analysis,and carried out several taint detection policies for each security-critical function.A vulnerability exploits detection prototype system was implemented on open source emulator and many optimization mechanisms were deployed.

孔德光,郑烇,帅建梅,陈超,葛瑶

2009-01-01

Abstract:Static analysis technology is a significant method to detect software vulnerabilities. To cope with the problem of untrusting data inputs leading to software vulnerabilities, presents a vulnerability detection method based on taint analysis. It tracks various kinds of input including program parameters and environment variables ,marks the type of input, after constructing the control flow graph, makes use of dataflow information, propagating the taint data to the vulnerability functions, to settle the problem of buffer overflow and format string. It utilizes the related information of control flow and dataflow during this process, thus improves the accuracy and decreases the false negatives. It is proved by experiment that this technology is an effective vulnerability analysis method.

Zhi Liu,Xiaosong Zhang,Xiongda Li

DOI: https://doi.org/10.1109/mines.2010.108

2010-01-01

Abstract:Software vulnerability is the major root of security issues which results in serious attacks such as DDOS and worms. How to find vulnerability especially on binaries has been an alluring but challenging topic. Traditional black-box fuzzing heavily relies on input format so that it cannot work on unknown formats, more severely, it cannot generate effective test cases because it randomly change input values. Therefore, fuzzing is rarely effective in real-world circumstances. Information flow tracking, namely taint analysis, has been used in recent years in attack detection and malware analysis but no prior work has used this technique to actively find software vulnerability on binaries. In this paper, we propose a novel approach to find software vulnerability via dynamic tainting consisting of three steps. First execute target program with a seed input being independent of input format. Then identify relevant bytes by back tracking from vulnerability points, defined as dangerous library or system calls, to the original input. Finally generate new test cases by mutating relevant bytes while irrelevant parts remain unchanged. It guarantees that new inputs are able to divert execution flow to vulnerability points. We implemented the system in Windows and evaluated two real-world vulnerabilities. Compared with black-box fuzzing, experiment results show our approach can generate effective test inputs to expose vulnerabilities in short time, which also incurs low overhead.

Liu Xingbo,Li Yuanlin,Yu mingjun,Zheng Yan,Yu Jinlong,Guo Yunfeng,Kong Huafeng,Qiang Weizhong

DOI: https://doi.org/10.3969/j.issn.1000-386x.2022.11.045

2022-01-01

Abstract:Taint analysis technology is an important technical means for vulnerability detection. Due to the lack of additional information at runtime, using static taint analysis technology to detect code will produce many false positives. Based on the taint analysis technology, this paper proposes a more fine-grained taint analysis method for Web vulnerabilities. A more accurate object status record was generated during code analysis. The execution path of the code was judged and the stain and sink transfer processes were accurately recorded, which effectively reduced over-pollution and under-pollution. The symbol execution tool was used to verify the reachability of the vulnerability location, and some false vulnerability warnings could be eliminated, which effectively reduced the false positive and false negative rates.

Wei-Jun SHEN,En-Yi TANG,Zhen-Yu CHEN,Xin CHEN,Bin LI,Juan ZHAI

DOI: https://doi.org/10.13328/j.cnki.jos.005503

2018-01-01

Abstract:Vulnerability detection is an important way of improving the security of software.However,the development of the Internet makes it possible for hackers to attack software systems with new techniques.This paper focuses on a new kind of vulnerability that relates to numerical stability.It poses new threat to software security as hackers are able to bypass security protection by the new kind of vulnerability,and numerical analysis is difficult to detect such a vulnerability.In the paper,the vulnerability related to numerical stability is defined from the perspective of software behavior variation caused by numerical errors,and an automatic detection approach is proposed.The approach combines the static analysis and symbolic execution,and detects the vulnerability by three steps:symbolic extraction,static attack analysis,and dynamic attack verification with high precision values.This new approach is evaluated on a few famous open source projects.The results show that the proposed approach effectively detects the vulnerabilities related to numerical stability hidden in the real-world projects.

Pingyan Wang,Shaoying Liu,Ai Liu,Wen Jiang

DOI: https://doi.org/10.1016/j.jss.2023.111902

IF: 3.5

2024-02-01

Journal of Systems and Software

Abstract:Detecting security vulnerabilities is a crucial part in secure software development. Many static analysis tools have proved to be effective in finding vulnerabilities, but generally there are some complex and subtle vulnerabilities that can escape from detection. Manual audits are a complementary approach to using tools. Unfortunately, most manual analyses are tedious and error prone. To benefit from both the tools and manual audits, some approaches incorporate the auditor's expertise into a static analysis tool during vulnerability discovery. Following this strategy, this paper presents a representation of source code called a vulnerability net, which is a special Petri net that integrates with data dependence graphs and control flow graphs. The combined representation can facilitate the detection of taint-style vulnerabilities such as buffer overflows and injection vulnerabilities. We test the proposed approach on Securibench Micro and demonstrate that it has the capability to identify a variety of vulnerabilities while keeping the rates of false negatives and positives low.

computer science, theory & methods, software engineering

Bo Shuai,Mengjun Li,Haifeng Li,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.1109/CECNet.2013.6703400

2013-01-01

Abstract:In order to solve the problems of traditional Fuzzing technique for software vulnerability detection, this paper proposes a novel method based on genetic algorithm and dynamic taint analysis. First, static analysis is applied to calculate the critical path information, including danger functions, high cyclomatic number functions and loop structures. Second, dynamic taint analysis is introduced to identify the key bytes to reduce the input space. Third, the genetic algorithm fitness function is constructed based on the critical path information to guide the test case generation and the genetic operators are executed on the reduced input space. Experiments show that the method could obtain higher vulnerability detection accuracy and efficiency.

Kai Cheng,Qiang Li,Lei Wang,Qian Chen,Yaowen Zheng,Limin Sun,Zhenkai Liang

DOI: https://doi.org/10.1109/DSN.2018.00052

2018-01-01

Abstract:A rising number of embedded devices are reachable in the cyberspace, such as routers, cameras, printers, etc. Those devices usually run firmware whose code is proprietary with few public documents. Furthermore, most of the firmware images cannot be analyzed in dynamic analysis due to various hardware-specific peripherals. As a result, it hinders traditional static analysis and dynamic analysis techniques. In this paper, we propose a static binary analysis approach, DTaint, to detect taint-style vulnerabilities in the firmware. The taint-style vulnerability is a typical class of weakness, where the input data reaches a sensitive sink through an unsafe path. Specifically, we generate data dependency in a bottom-up manner through traversing callees before callers. To reduce the influence of the binary firmware, DTaint identifies pointer aliasing, interprocedural data flow, and similarity of the data structure layout. We have implemented a prototype of DTaint and conducted experiments to evaluate its performance. Our results show that DTaint discovers more vulnerabilities in less time, compared with the existing techniques. Furthermore, we illustrate the effectiveness of DTaint through applying it over six firmware images from four manufacturers. We have found 21 vulnerabilities, where 13 of them are previously-unknown and zero-day vulnerabilities.

Yongzhen Li,Gaolong Wang

DOI: https://doi.org/10.1109/ISAIEE57420.2022.00089

2022-12-01

Abstract:With the rapid development of the internet in China, we are dealing with web sites all the time, but with this comes the increasing vulnerability of various web applications. The vulnerability of web applications can be used to steal information, account theft and fraud, threatening the security of web applications. Therefore, the security detection of web applications is particularly important. This paper introduces the background of today's web application scanning technology, analyses the importance of securing web sites, and focuses on the history and future development trends of web application vulnerability scanning at home and abroad. The system is based on the OWASP Top 10 vulnerabilities of SQL injection and XSS, which have a large impact. By analysing the risks and principles of these two vulnerabilities, a scanning system is designed to run on the Windows platform.

Computer Science

Peng Wu,Liangze Yin,Xiang Du,Liyuan Jia,Wei Dong

DOI: https://doi.org/10.1109/qrs-c51114.2020.00018

2020-01-01

Abstract:With the development of open source software and open source community, there are more available codes on the Internet. And the open vulnerability information can be found on the Internet. In fact, using known vulnerabilities to calculate the similarity with the source code has been demonstrated a useful method to detect vulnerabilities. But the vulnerabilities often have many irrelevant codes, which may cause false positives and reduce the accuracy of vulnerability detection. Besides, the program code may have been patched. This also leads to false positives. We use code property graphs to extract source code and calculate the similarity between the vulnerable code and the source code to judge whether the software has vulnerabilities. By using the patched code, we can reduce the false positive. We use our approach on LibTIFF and Linux kernel. The experimental results show that the approach can effectively find vulnerabilities and reduce the false positive.

Zhihong Tian,Binxing Fang,Bin Li,Hongli Zhang

2005-01-01

Abstract:Intrusion detection systems are used to alert system administrators to malicious attacks. Unfortunately, running without any information of the network resources that they protect, intrusion detection systems are notorious for generating a large number of alerts that are either not related to malicious activity or not representative of a successful attack. To address this shortcoming, this paper presents a vulnerability-driven active alert verification approach that performs real-time verification of attacks detected by an intrusion detection system. By means of checking for the vulnerability that the attack attempts to exploit, we can verify whether the attack has succeeded or not. The Experimental evaluation illustrates that it is a useful tool for reducing the false positive rate.

Tao Zhang,Xiarun Chen,Zhong Chen

DOI: https://doi.org/10.1145/3630138.3630437

2024-01-01

Abstract:In modern research on program analysis and static vulnerability detection techniques, variables have consistently remained a critical focal point, especially concerning hazardous variables associated with crucial program operations. Analyzing the value ranges of variables in a program not only enhances the accuracy of program analysis but also provides further support for static vulnerability detection. This paper proposes a variable value range analysis method based on path analysis. By combining control flow graph analysis, data flow analysis, and abstract interpretation, it comprehensively analyzes the process from variable definition to its usage, iteratively capturing value ranges during the process to obtain more precise value range results. Experimental results demonstrate that the method presented in this paper accurately determines variable value ranges and is compatible with the analysis of various types of variables. Moreover, the paper's method successfully validates multiple security vulnerabilities, thereby substantiating its practical application value.

Li Fang Han,Ting,Kun Lun Gao,Nan Liu,Bao Jiang Cui

DOI: https://doi.org/10.4028/www.scientific.net/amm.602-605.3846

2014-01-01

Applied Mechanics and Materials

Abstract:Java applications have proliferated rapidly in recent years, and the security issue in the source code seems to bring a great threat which cannot be ignored. SQL injection and cross-site scripting vulnerabilities, path traversal, and so on are common Java security vulnerabilities. These vulnerabilities are usually caused by improper handling of user input and we call them input validation vulnerabilities [1].In this paper, we propose a Java source code analysis method based on the taint tracking. By means of vulnerability pattern match, we keep track of the introduction of tainted data and its propagation in different contexts, leading to comprehensive and accurate test results. Actually, we have applied this method to some of the open-source Java projects. Compared to other similar software, our technique presents good feasibility and superiority.

Ruoyu Zhang,Shiqiu Huang,Zhengwei Qi,Haibin Guan

DOI: https://doi.org/10.1109/IMIS.2011.59

2011-01-01

Abstract:Dynamic taint analysis has been proved to be very effective in solving security problems recently, especially in software vulnerability detection and malicious behavior prevention. Unfortunately, most of current researches in this field focus on the runtime protection, and are incapable to discover the potential threat in the software. This paper describes a novel approach to overcome the limitation of traditional dynamic taint analysis by integrating static analysis into the system and presents framework SDCF. The framework translates the binary into assembly code and tracks the data flow. Then with static method, the system can get the important information which can't be gained at runtime, such as unexecuted part of the code. When this information is acquired, they will be provided to the client tools. The practicability of the framework is validated by implementing and evaluating a tool built on SDCF. The result of the experiments shows that our system is able to detect latent software vulnerabilities efficiently.