跨指令架构二进制漏洞搜索技术研究.PDFVIP

跨指令架构二进制漏洞搜索技术研究 1 1 1 1 徐威扬 ，李尧 ，唐勇 ，王宝生 （1.国防科学技术大学,长沙,410073 ） 摘 要： 计算机软件技术不断发展的过程中，漏洞的出现无法避免，快速识别漏洞是保护计算机系统的关键。现 有的方法大多数是基于源代码的，即使一些基于二进制层面的方法也是只在单一指令架构上完成。针对以上问题， 本文提出一种高效搜索二进制代码漏洞的方法。通过将不同指令架构的汇编代码规范化，基于函数控制流图提取基 本块特征向量来计算代码片段间的相似性，利用机器学习技术来调整计算相似性算法的参数，提高算法的准确度。 实验表明，该方法能够准确找到样例中存在的已知漏洞，如OpenSSL 库中的Heartbleed 漏洞，BusyBox 中的提权漏 洞，以及路由器固件中存在的后门。 关键词： 二进制；漏洞搜索；特征匹配 The Research on Cross-Platform Vulnerability Searching in Binary Executables 1 1 1 1 Weiyang Xu ，Yao Li ，Yong Tang ，Baosheng Wang Abstract ： During the period of the development of computer software, the emergence of vulnerabilities can not be avoided. Thus, rapid identification of vulnerabilities is the key to protect the computer system. Most of the existing methods are based on source code, and the methods based on binary are only done on a single instruction architecture. Because of the above problems, this paper proposes an efficient way to search vulnerabilities on binary level. Firstly, simplify the assembly code of different instruction architectures. Then, calculate the similarity between the code fragments by the basic block feature vectors which are extracted from the function control flow graph. At last, adjust the parameters of the similarity algorithm to improve the accuracy of the algorithm through the machine learning technique. Experiments show that the method can accurately find the known vulnerabilities in the sample, such as the Heartbleed vulnerability in the OpenSSL library, the exploit vulnerabilities in the BusyBox and the back doors that exist in the router image. Key w