Title : 
LoongChecker: Practical Summary-Based Semi-simulation to Detect Vulnerability in Binary Code

Author :
Cheng, Shaoyin ; Yang, Jun ; Wang, Jiajie ; Wang, Jinding ; Jiang, Fan

Author_Institution :
Inf. Technol. Security Evaluation Center, Univ. of Sci. & Technol. of China, Hefei, China

Abstract :
The automatic detection of security vulnerabilities in binary code is challenging and lacks efficient tools. This paper presents a novel semi-simulation approach to statically detect potential vulnerabilities in binary code. The semi-simulation approach simulates address-related instructions accurately using value set analysis, and only traces data dependence on other instructions using data dependence analysis. We have implemented this approach in a tool called LoongChecker and evaluated it on three real-world programs, detecting three known vulnerabilities and two zero-day vulnerabilities. The results show our approach is practical and can be applied to large real-world software.

Keywords :
data analysis; program debugging; security of data; LoongChecker; automatic detection; binary code; data dependence analysis; practical summary based semisimulation; program debugging; security vulnerabilities; Assembly; Binary codes; Buildings; Reactive power; Registers; Security; Software; Semi-simulation; binary code; function summary; static analysis; taint analysis; vulnerability detection;

Conference_Title :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2011 IEEE 10th International Conference on

Conference_Location :
Changsha

Print_ISBN :
978-1-4577-2135-9

DOI :
10.1109/TrustCom.2011.22