
Paper abstract

Integer-Type Vulnerability Discovery and Exploitation Techniques in Binary Code

Research on Integer Type Vulnerability Mining and Usage in Binary Code

Authors: Liu Liang (Institute of Information Security, Sichuan University); Peng Di (Institute of Information Security, Sichuan University); Yang Yanfeng (Institute of Information Security, Sichuan University); Wu Runpu (China Information Technology Security Evaluation Center)

Author:Liu Liang(Inst. of Info. Security,Sichuan Univ.);Peng Di(Inst. of Info. Security,Sichuan Univ.);Yang Yanfeng(Inst. of Info. Security,Sichuan Univ.);Wu Runpu(China Info. Technol. Evaluation Center)

Received: 2010-08-26          Year, volume (issue): pages: 2012, 44(1): 123-126

Journal name: 工程科学与技术

Journal Name:Advanced Engineering Sciences

Keywords: integer vulnerability; reverse engineering; fuzzing; symbolic execution; vulnerability analysis

Key words:integer vulnerability;reversing engineering;Fuzzing technology;symbolic execution;vulnerability analysis

Funding: other

Chinese abstract

Building on earlier binary vulnerability-mining models, a new method model for mining integer-type vulnerabilities in binary code is proposed; it combines fuzzing, reverse engineering and symbolic execution. First, reverse analysis is used to pinpoint the code related to integer vulnerabilities: data-related type operations are recovered, sensitive functions are detected, a function structure flow graph is built, and the code sections related to integer vulnerabilities are determined. Second, symbolic execution of the assembly code yields the code's input-output relations and path constraints, which are used to adjust the fuzzing inputs; this can greatly improve the path coverage and efficiency of fuzzing. The model improves the accuracy of mining integer-type vulnerabilities in binaries to a certain extent.

English abstract

By studying previous binary mining methods, a new mining model based on fuzzing, reverse engineering and symbolic execution was presented. This method used reverse analysis to locate the scope of integer vulnerabilities, obtain related data types with the IDA disassembler and its SDK, detect security-sensitive functions, build a function control diagram, determine the code related to potential integer vulnerabilities, and cover each related code part. Input and output relations and path constraints were obtained by symbolic execution of the assembly code and used to adjust the input for fuzzing. The proposed model greatly enhances the accuracy and efficiency of mining binary integer vulnerabilities.
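The abstract names the vulnerability class being mined but not what it looks like at the code level. The following added example (not code from the paper or its authors) shows the two integer defects that such a model is typically looking for: an unchecked size multiplication that wraps in 32-bit arithmetic, and a signed length that becomes a huge unsigned value when compared against a buffer. Each unsafe pattern is paired with the check that removes it; all function names and sample values are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked pattern: count * elem is computed in 32-bit arithmetic, so a
   large count wraps silently and a later allocation is far too small for
   the copy loop that assumes count elements fit. */
uint32_t unchecked_size(uint32_t count, uint32_t elem) {
    return count * elem;  /* wraps on overflow, e.g. 0x40000000 * 4 -> 0 */
}

/* Checked form: compute the product in 64 bits and refuse any result that
   does not fit the 32-bit size the allocator will receive. Returns false
   when the multiplication would have wrapped. */
bool checked_size(uint32_t count, uint32_t elem, uint32_t *out) {
    uint64_t prod = (uint64_t)count * (uint64_t)elem;
    if (prod > UINT32_MAX) {
        return false;
    }
    *out = (uint32_t)prod;
    return true;
}

/* Convenience wrapper: the checked size, or 0 when it would overflow. */
uint32_t checked_or_zero(uint32_t count, uint32_t elem) {
    uint32_t out;
    return checked_size(count, elem, &out) ? out : 0;
}

/* Signedness pattern: a length read from untrusted input as int32_t and
   passed to a size_t parameter turns -1 into SIZE_MAX. The check must reject
   negative values before the conversion, then bound against the buffer. */
bool length_is_safe(int32_t len, size_t buf_cap) {
    if (len < 0) {
        return false;
    }
    return (size_t)len <= buf_cap;
}

int main(void) {
    /* Constructed sample values that trigger each defect. */
    uint32_t sz;
    printf("unchecked 0x40000000*4 = %u\n", unchecked_size(0x40000000u, 4u));
    printf("checked   0x40000000*4 ok? %d\n", checked_size(0x40000000u, 4u, &sz));
    printf("checked   10*4 = %u\n", checked_or_zero(10u, 4u));
    printf("length -1 into 100-byte buffer safe? %d\n", length_is_safe(-1, 100));
    printf("length 50 into 100-byte buffer safe? %d\n", length_is_safe(50, 100));
    return 0;
}
```

The point for a vulnerability-mining model is that the wrapped product and the negative length are both ordinary integer operations in the binary; what makes them sensitive is the function they flow into, which is why the abstract pairs type recovery with detection of sensitive functions.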


Copyright © 2020 Sichuan University Journals Press. All rights reserved.

Address: No. 24, South Section 1, Yihuan Road, Chengdu

Postal code: 610065