• DocumentCode
    2897708
  • Title

    LoongChecker: Practical Summary-Based Semi-simulation to Detect Vulnerability in Binary Code

  • Author

    Cheng, Shaoyin ; Yang, Jun ; Wang, Jiajie ; Wang, Jinding ; Jiang, Fan

  • Author_Institution
    Inf. Technol. Security Evaluation Center, Univ. of Sci. & Technol. of China, Hefei, China
  • fYear
    2011
  • fDate
    16-18 Nov. 2011
  • Firstpage
    150
  • Lastpage
    159
  • Abstract
    The automatic detection of security vulnerabilities in binary code is challenging and lacks efficient tools. This paper presents a novel semi-simulation approach to statically detect potential vulnerabilities in binary code. The semi-simulation approach simulates address-related instructions accurately using value set analysis, and only traces data dependence on other instructions using data dependence analysis. We have implemented this approach in a tool called LoongChecker and evaluated it on three real-world programs, detecting three known vulnerabilities and two zero-day vulnerabilities. The results show our approach is practical and can be applied to large real-world software.
  • Keywords
    data analysis; program debugging; security of data; LoongChecker; automatic detection; binary code; data dependence analysis; practical summary based semisimulation; program debugging; security vulnerabilities; Assembly; Binary codes; Buildings; Reactive power; Registers; Security; Software; Semi-simulation; binary code; function summary; static analysis; taint analysis; vulnerability detection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Trust, Security and Privacy in Computing and Communications (TrustCom), 2011 IEEE 10th International Conference on
  • Conference_Location
    Changsha
  • Print_ISBN
    978-1-4577-2135-9
  • Type

    conf

  • DOI
    10.1109/TrustCom.2011.22
  • Filename
    6120814