Excavating device and excavating method of binary system program loopholes

A binary program vulnerability mining technology, applied in computer security devices, instruments, electrical digital data processing, etc. It addresses problems such as lack of guidance, high false negative and false positive rates, and easily missed program paths, and avoids blind test case generation.

Inactive Publication Date: 2012-08-01
BEIJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

Complex conditional branches and deeply nested loops in binary programs lead to serious path explosion problems.
[0007] (1) Dynamic binary program vulnerability mining technology based on symbolic execution and constraint solving faces high computational costs.
[0008] (2) Dynamic binary program vulnerability mining technology based on symbolic execution and constraint solving is incomplete when collecting the constraints of a binary program's execution path, and current constraint solvers have difficulty finding exact solutions to complex nonlinear constraints.
[0009] (3) Dynamic binary program vulnerability mining technology based on symbolic execution and constraint solving usually truncates loops blindly, so it easily misses program paths that may contain vulnerabilities.
[0010] (4) The test cases automatically generated by fuzzing-based dynamic testing are blind: a large number of the generated test cases follow the same path, generation lacks guidance, and the efficiency of triggering potential security vulnerabilities in binary programs is low.
However, it theoretically has a high rate of false negatives and false positives, making it difficult to locate vulnerabilities accurately.
Moreover, most static analysis requires source code, and static symbolic execution of binary programs is also relatively complex and computationally expensive.


Embodiment Construction

[0047] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0048] Referring to Figure 1, the structure of the device for mining binary program vulnerabilities, which integrates a genetic algorithm with dynamic pollution tracking (dynamic taint tracking), is introduced first. The device comprises a static analysis module, a debugger module, a genetic algorithm module, a test input generation module and an abnormal monitoring module connected in sequence, and a dynamic pollution tracking module located between the debugger module and the genetic algorithm module, where:

[0049] The static analysis module, developed on the interactive disassembler IDA Pro (Interactive Disassembler Professional), is used to extract the control flow structure, basic block information and call addresses of dangerous functions in t...


Abstract

Provided are a device and a method for mining vulnerabilities in binary programs. The mining device comprises a static analysis module, a debugger module, a genetic algorithm module, a test input generation module and an abnormal monitoring module connected in sequence, and a dynamic pollution tracking (dynamic taint tracking) module located between the debugger module and the genetic algorithm module. Test case generation is guided by the fitness function of the genetic algorithm; a multi-objective fitness function is designed so that each test case is evaluated quantitatively. Dynamic pollution tracking is used to identify the key bytes in input files, which narrows the search space of the genetic algorithm. By combining the advantages of the genetic algorithm and dynamic pollution tracking to guide generation, the device produces well-targeted test cases and generates test data with high accuracy and efficiency. It combines qualitative analysis with quantitative calculation, and thereby avoids the path explosion encountered in binary program testing based on symbolic execution and constraint solving.
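An added illustration of the loop the abstract describes, not code from the patent: a genetic algorithm whose mutation is restricted to the input offsets that taint tracking reports as reaching branch conditions. The toy target, the block names, the fitness weights and the selection and crossover scheme are all assumptions made for this example.

```python
import random

DANGER = "call_strcpy"  # hypothetical dangerous-function call site

def run_target(data):
    """Constructed toy parser. Returns (basic blocks reached, input offsets that
    flowed into branch conditions, i.e. what taint tracking would report)."""
    blocks, tainted = {"entry"}, {0}
    if data[0] == 0x4D:                      # magic byte
        blocks.add("header_ok")
        tainted.add(5)
        if data[5] > 0x80:                   # length field
            blocks.add("long_record")
            tainted.add(9)
            if data[9] == 0xFF:              # flag guarding the risky call
                blocks.add(DANGER)
    return blocks, tainted

def fitness(blocks):
    # Two objectives in one score (assumed weights): block coverage, reaching DANGER.
    return len(blocks) + (10 if DANGER in blocks else 0)

def evolve(seed_input, pop_size=32, max_gens=2000, rng_seed=1):
    rng = random.Random(rng_seed)
    pop = [bytearray(seed_input) for _ in range(pop_size)]
    key_bytes = set()
    for gen in range(max_gens):
        scored = []
        for ind in pop:
            blocks, tainted = run_target(ind)
            key_bytes |= tainted             # taint results define the search space
            scored.append((fitness(blocks), ind, blocks))
        scored.sort(key=lambda s: s[0], reverse=True)
        if DANGER in scored[0][2]:           # fittest input reaches the call site
            return bytes(scored[0][1]), sorted(key_bytes), gen
        parents = [s[1] for s in scored[:pop_size // 2]]   # elitist selection
        children = []
        for _ in range(pop_size - len(parents)):
            a, b = rng.sample(parents, 2)
            cut = rng.randrange(1, len(a))
            child = a[:cut] + b[cut:]        # one-point crossover
            child[rng.choice(sorted(key_bytes))] = rng.randrange(256)  # key bytes only
            children.append(child)
        pop = parents + children
    return None, sorted(key_bytes), max_gens

if __name__ == "__main__":
    print(evolve(bytes(16)))
```

Starting from a 16-byte all-zero seed, the search only ever rewrites offsets 0, 5 and 9, so the other 13 bytes never enter the search space.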

Description

Technical field

[0001] The present invention relates to software security technology, specifically to a binary program vulnerability mining device and method that integrates a genetic algorithm with dynamic pollution tracking, and belongs to the technical field of binary program security vulnerability detection.

Background technique

[0002] At present, in the field of software security research, security analysis of binary programs is often performed. An important issue in the process of security analysis is how to quickly generate targeted test cases that trigger possible security vulnerabilities in binary programs. The method now commonly used in industry is fuzz testing (also known as the random-number black-box brute-force testing method). Fuzz testing can automatically generate test data with accurate test results and a wide range of applications; however, the path coverage of generated test input files is low, and most of the generated test cases po...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/22, G06F21/57
Inventor: 崔宝江, 梁晓兵
Owner: BEIJING UNIV OF POSTS & TELECOMM