
Research On Detecting Buffer Overflow In Binary Code

Posted on: 2013-12-18
Degree: Master
Type: Thesis
Country: China
Candidate: X Yu
Full Text: PDF
GTID: 2248330371987983
Subject: Computer software and theory

Abstract/Summary:
As software becomes more flexible and complex and the Internet develops quickly, the software security vulnerability problem has become more serious. Once a vulnerability is exploited in an attack, it may cause great trouble. Among all of them, buffer overflow is one of the most important vulnerabilities. It has perplexed security experts and software customers for a long time. Existing software, especially business software, is mostly provided to users as binary code. Analyzing binary code therefore has more practical significance, although it is more difficult. This thesis researches software vulnerability detection, focusing on binary code.

(1) The common binary software vulnerability detection techniques are discussed. The advantages and disadvantages of dynamic and static detection techniques are summarized. Source code and binary code are analyzed explicitly with respect to how detection differs between them. Analysis techniques such as information analysis, fuzzing, program slicing, type inference, symbolic execution and instrumentation are investigated in depth.

(2) The current research and popular techniques for detecting buffer overflow vulnerabilities are summarized and discussed. The definition and taxonomies of buffer overflow vulnerabilities are introduced. Their prevalence and damage to software security are summarized, as well as their essential characteristics in binary code. The common exploit patterns and protection technologies are analyzed.

(3) A method of detecting buffer overflow vulnerabilities in binary code, based on dynamic taint propagation, is discussed. A kind of buffer overflow vulnerability caused by incorrect verification is studied. A buffer overflow pattern is developed for the detection task, combined with sensitive instruction analysis, information flow analysis and program slicing. The task is implemented by static analysis and dynamic analysis.

(4) Based on the preceding modeling method and detection technology, a prototype system for automatically detecting buffer overflow vulnerabilities in binaries, named bptrace, is designed and implemented. Its effectiveness is tested and verified through our experiments. It can detect and locate buffer overflow vulnerabilities in the binary code of business software.
Keywords/Search Tags: Buffer Overflow, Vulnerability Detection, Binary Code, Un-trusted Data, Taint Propagation, Data Flow Analysis