2015 - Dynamic binary analyzer for scanning vulnerabilities with taint analysis
Information
Approach
Dynamic Binary Analyzer
Taint Analysis
Find vulnerability during runtime
Effect of an input in the program
How does the input spread through the program
Most security incidents are caused by security vulnerabilities
Conclusion
System model
Semantic Extractor
Gathers semantic information on relevant processes, modules and threads in the guest OS
Consists of
Symbol information module
API identification
Classifies each function of the binary file being analyzed
Matches the API function call list against the collected functions
Process module
Loads updated memory information from the guest OS
Callback routine
Create process routine
Delete process routine
Loads the address range of memory used by a newly created module
Thread module
Analyzes application and OS kernel threads
Thread information contains
Data Structure
Most recently attached address
Instruction set of current thread
Execution module
Collects the external function call list and interrupts in the guest OS
QEMU
Taint Analysis Engine
Taint source: External input
Code Translator
To execute the instructions of the target process on the virtual machine, the target's code must be translated into code the virtual machine can understand
The code translator cuts the original code block of the target process into small code blocks with a code block slicer, so that the target code is separated into observable units
The target instructions are translated into intermediate code by the intermediate translator so that they can run on the virtual machine
In the instrumentation phase, the statements of the newly translated code are extended with inserted taint-tracking statements that carry the taint information
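The translate-then-instrument step above, as an added Python illustration (not the paper's code): a toy intermediate code whose interpreter tags bytes read from the external input as the taint source, propagates the tags through arithmetic and memory, and records a runtime finding when a tainted value reaches an indirect jump. The instruction names, registers and the sample program are constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass
class TaintVM:
    regs: dict = field(default_factory=dict)       # register -> value
    taint: dict = field(default_factory=dict)      # register -> set of input labels
    mem: dict = field(default_factory=dict)        # address -> value
    mem_taint: dict = field(default_factory=dict)  # address -> set of input labels
    findings: list = field(default_factory=list)   # (pc, register, labels)

    def t(self, reg):
        return self.taint.get(reg, set())

    def run(self, program, external_input):
        # Each instruction is executed and, in the same step, its taint effect
        # is applied (this is what the inserted instrumentation does in the paper).
        for pc, (op, *args) in enumerate(program):
            if op == "input":               # dst, idx: taint source is external input
                dst, idx = args
                self.regs[dst], self.taint[dst] = external_input[idx], {f"input[{idx}]"}
            elif op == "const":             # dst, imm: program constant, untainted
                dst, imm = args
                self.regs[dst], self.taint[dst] = imm, set()
            elif op == "add":               # dst, a, b: result carries both operands' taint
                dst, a, b = args
                self.regs[dst] = (self.regs[a] + self.regs[b]) & 0xFFFFFFFF
                self.taint[dst] = self.t(a) | self.t(b)
            elif op == "store":             # addr, val: taint follows the value into memory
                addr, val = args
                self.mem[self.regs[addr]] = self.regs[val]
                self.mem_taint[self.regs[addr]] = set(self.t(val))
            elif op == "load":              # dst, addr: taint comes back out of memory
                dst, addr = args
                self.regs[dst] = self.mem.get(self.regs[addr], 0)
                self.taint[dst] = set(self.mem_taint.get(self.regs[addr], set()))
            elif op == "jmp_reg":           # reg: control flow derived from input is a finding
                (reg,) = args
                if self.t(reg):
                    self.findings.append((pc, reg, sorted(self.t(reg))))
        return self.findings

def scan(program, external_input):
    """Run one translated block against a concrete input; return taint findings."""
    return TaintVM().run(program, external_input)

# Constructed sample (hypothetical program): two input bytes are summed, written to a
# buffer, read back, offset by a constant and then used as an indirect jump target.
SAMPLE = [
    ("input", "r0", 0), ("input", "r1", 1), ("add", "r2", "r0", "r1"), ("const", "r3", 0x1000),
    ("store", "r3", "r2"), ("load", "r4", "r3"), ("const", "r5", 0x4000),
    ("add", "r6", "r4", "r5"), ("jmp_reg", "r6"),
]
```

Running `scan(SAMPLE, b"\x41\x42")` reports the jump at pc 8 with both input bytes as its taint labels, while a block whose jump target is a constant yields no finding.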
Goals
Problem
Traditional security programs usually rely on pattern matching techniques
Difficult to counter attacks that use unknown vulnerabilities or self-modifying code
Contribution
A framework for scanning vulnerabilities with taint analysis
Monitors all actions of a binary file that affect the operating system
Expandable tool for additional security elements and policies
Finds existing security vulnerabilities in a binary file
Authors