
Active Binary Vulnerability Automation Mining Technology Based On Control Flow Integrity Detection

Posted on: 2020-10-05
Degree: Master
Type: Thesis
Country: China
Candidate: N G Yan
Full Text: PDF
GTID: 2428330596975083
Subject: Information security

Abstract/Summary:
Modern life is inseparable from the Internet, and software of every kind touches all aspects of it. The resulting software vulnerabilities seriously threaten people's privacy and property. In most cases researchers have access only to a program's binary and not to its source code, so vulnerability detection on binary programs has greater practical value. Current vulnerability discovery theory does not abstractly model a class of vulnerabilities; instead it applies a different discovery method to each kind of vulnerability, so the efficiency of vulnerability detection is very low. To solve this problem, this thesis detects vulnerabilities that destroy control flow integrity, and combines symbolic execution with a number of advanced techniques (including control flow recovery, data flow tracking, program slicing and constraint solving) to detect binary vulnerabilities automatically, which greatly improves vulnerability detection capability. Building on existing research results, this thesis implements automatic mining of binary vulnerabilities based on control flow integrity detection. The main contents and achievements of this thesis are as follows:

1. First, the definition of vulnerabilities and existing vulnerability detection techniques are summarized and introduced, and the working principle and framework of symbolic execution are analyzed further. On this basis, the working mechanism of angr, the symbolic execution engine used in this thesis, is described in detail, and existing solutions to path explosion in symbolic execution are summarized.

2. Second, to address the problem that existing binary vulnerability detection methods are highly targeted and generalize poorly, an automatic binary vulnerability detection method based on control flow integrity detection is proposed. Common binary vulnerabilities such as stack overflow, heap overflow, function pointer tampering and structured exception handling attacks can be unified and abstracted as destroying control flow integrity. The method first obtains all legitimate control flow transfers through static binary analysis, then uses the symbolic execution engine to explore all feasible paths and injects constraints at control flow transfers. Finally, it determines by constraint solving whether a vulnerability that destroys control flow integrity exists. If one does, it automatically generates an input that can trigger the vulnerability.

3. Finally, the proposed active binary vulnerability automation mining technology based on control flow integrity detection is verified by experiments with actual CVEs. Experiments show that the proposed technology improves the efficiency and accuracy of vulnerability detection.
Keywords/Search Tags:Control Flow Integrity, Symbolic Execution, Vulnerability Detection, Automation, Binary Program Analysis
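
The detection loop described in item 2, reduced to a toy model as an added illustration; this is not the thesis's implementation and does not use angr. The frame layout, the return address `0x401020`, the unchecked copy and all function names are constructed assumptions, and byte enumeration stands in for a real constraint solver.

```python
# Step 1 (static analysis, constructed result): the only legitimate return target.
LEGAL_RETURNS = {0x401020}
BUF_SIZE, WORD = 8, 4  # constructed frame: 8-byte buffer, then a 4-byte saved return address


def run_copy(n):
    """Step 2: symbolically execute an unchecked copy of n input bytes into the frame.

    Each cell holds a concrete byte or ("in", i), meaning "input byte i".
    """
    frame = [0] * BUF_SIZE + list((0x401020).to_bytes(WORD, "little"))
    for i in range(min(n, len(frame))):  # the modeled bug: no bound against BUF_SIZE
        frame[i] = ("in", i)
    return frame


def ret_target(frame, inp):
    """Evaluate the return target for a concrete input."""
    cells = frame[BUF_SIZE:BUF_SIZE + WORD]
    raw = bytes(inp[c[1]] if isinstance(c, tuple) else c for c in cells)
    return int.from_bytes(raw, "little")


def solve_violation(frame, n):
    """Step 3: constraint injected at `ret`: is "target not in LEGAL_RETURNS" satisfiable?

    Returns a witness input, or None when every input keeps the target legal.
    """
    for v in range(256):  # enumeration stands in for an SMT query
        inp = bytes([v]) * n
        if ret_target(frame, inp) not in LEGAL_RETURNS:
            return inp
    return None


def find_cfi_violations(max_len):
    """Explore one path per copy length; map each violating length to a witness."""
    findings = {}
    for n in range(max_len + 1):
        witness = solve_violation(run_copy(n), n)
        if witness is not None:
            findings[n] = witness
    return findings


if __name__ == "__main__":
    for n, w in find_cfi_violations(12).items():
        print(n, w.hex(), hex(ret_target(run_copy(n), w)))
```

Paths with a copy length of 8 or less leave the saved return address concrete, so the injected constraint is unsatisfiable and nothing is reported for them.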