http://dx.doi.org/10.13089/JKIISC.2019.29.5.1039

Static Analysis Based on Backward Control Flow Graph Generation Method Model for Program Analysis

Park, Sunghyun (Interdisciplinary Program of Information Security, Chonnam National University)
Kim, Yeonsu (Interdisciplinary Program of Information Security, Chonnam National University)
Noh, Bongnam (Interdisciplinary Program of Information Security, Chonnam National University)
Abstract
Symbolic execution, an automatic search method for vulnerability verification, has improved technically over the last few years. However, analyzing a program with symbolic execution alone is still not practical. One of the biggest reasons is the path explosion problem that occurs during program analysis: memory runs out, and the solutions of all paths in the program cannot be found using symbolic execution. It is therefore more practical for the analyst to construct a path for symbolic execution to a target that has a vulnerability than to solve all paths. In this paper, we propose a static-analysis-based backward CFG (Control Flow Graph) generation technique that can be used in symbolic execution for program analysis. With the creation of a backward CFG, an analyst can select potential vulnerable points, and the backward path generated from such a point can be used for subsequent symbolic execution. We conducted experiments with Linux binaries (x86) and showed that potential vulnerability selection and backward CFG path generation were possible in a variety of binary situations.
Keywords
Static Analysis; Symbolic Execution; Binary Vulnerability; Control Flow Graph;
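As an added illustration of the idea in the abstract (this is not the paper's own code), the following Python builds a backward CFG from a constructed toy CFG, takes an analyst-selected target block, and enumerates the entry-to-target paths that a symbolic executor could then be directed along instead of exploring every path. The block labels and the CFG are hypothetical, and the loop bound is an assumption that stands in for whatever cut-off an analyst would choose.

```python
# Constructed toy CFG: basic block -> successor blocks (labels are hypothetical).
CFG = {
    "entry": ["check_len"],
    "check_len": ["loop_hdr", "error"],
    "loop_hdr": ["loop_body", "copy"],
    "loop_body": ["loop_hdr"],       # back edge: the loop that makes forward search explode
    "copy": ["ret"],                 # analyst-selected potential vulnerable point
    "error": ["ret"],
    "ret": [],
}

def reverse_cfg(cfg):
    """Invert every edge: block -> predecessor blocks."""
    rev = {b: [] for b in cfg}
    for block, succs in cfg.items():
        for s in succs:
            rev.setdefault(s, []).append(block)
    return rev

def backward_cfg(cfg, target):
    """Backward CFG for `target`: only blocks that can reach it, with reversed edges.
    Blocks that cannot reach the target are dropped, which is the pruning that
    keeps the later symbolic execution focused."""
    rev = reverse_cfg(cfg)
    seen, stack = set(), [target]
    while stack:
        b = stack.pop()
        if b in seen:
            continue
        seen.add(b)
        stack.extend(rev.get(b, []))
    return {b: [p for p in rev.get(b, []) if p in seen] for b in seen}

def backward_paths(cfg, target, entry, max_loop=0):
    """Walk the backward CFG from `target` up to `entry` and return the forward
    (entry -> target) paths. A block may be revisited at most `max_loop` times,
    so loops yield a bounded number of unrollings instead of infinite paths."""
    bcfg = backward_cfg(cfg, target)
    if entry not in bcfg:
        return []                    # target is unreachable from entry
    paths = []
    def walk(block, path):
        if block == entry:
            paths.append(list(reversed(path)))
            return
        for pred in bcfg[block]:
            if path.count(pred) <= max_loop:
                walk(pred, path + [pred])
    walk(target, [target])
    return paths
```

With `max_loop=0` the loop is taken only once through its header; raising it adds one further unrolled path per extra iteration allowed.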