摘要: 污点指针严重影响二进制代码数据流和控制流的安全。为此,提出一种二进制代码缺陷检测方法。引入指针污点传播规则,结合路径约束条件和边界约束条件得到缺陷引发条件,构造能够引发4类污点指针代码缺陷的输入数据。在Linux系统下实现ELF二进制代码缺陷检测工具,测试结果表明,该方法能降低测试用例生成数量,并发现Linux系统工具的1个虚函数调用控制缺陷和2个指针内存破坏缺陷。
关键词:
污点指针,
污点传播,
符号执行,
边界条件,
缺陷检测,
内存破坏
Abstract: Taint pointers are serious threats to the security of data flow and control flow. A method for binary defect detection is proposed, which is based on dynamic taint propagation, dynamic symbolic execution and bound constraint analysis, including introduction of the pointer propagation rules, generation of trigger condition by combing path constraints with bound constraints. It can generate inputs for four types of code defects caused by taint pointer. Test results show that this method reduces the number of test case generation effectively, and a virtual function call hijack and two pointer memory corruption defects are found in the test of Linux system tools.
Key words:
taint pointer,
taint propagation,
symbolic execution,
bound condition,
defect detection,
memory corruption
中图分类号:
刘杰, 王嘉捷, 欧阳永基, 王清贤. 基于污点指针的二进制代码缺陷检测[J]. 计算机工程, 2012, 38(24): 46-49.
LIU Jie, WANG Jia-Cha, OU Yang-Yong-Ji, WANG Qing-Xian. Binary Code Defect Detection Based on Taint Pointer[J]. Computer Engineering, 2012, 38(24): 46-49.