LoongChecker: Practical Summary-Based Semi-simulation to Detect Vulnerability in Binary Code
- Resource Type: Conference
- Authors: Cheng, Shaoyin; Yang, Jun; Wang, Jiajie; Wang, Jinding; Jiang, Fan
- Source: 2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 150-159, Nov 2011
- Subject: Communication, Networking and Broadcast Technologies; Computing and Processing; Registers; Binary codes; Reactive power; Security; Software; Buildings; Assembly; Semi-simulation; static analysis; binary code; vulnerability detection; taint analysis; function summary
- Language
- ISSN: 2324-898X; 2324-9013
The automatic detection of security vulnerabilities in binary code is challenging and lacks efficient tools. This paper presents a novel semi-simulation approach to statically detect potential vulnerabilities in binary code. The semi-simulation approach simulates address-related instructions accurately using value set analysis, and only traces data dependence on other instructions using data dependence analysis. We have implemented this approach in a tool called LoongChecker and evaluated it on three real-world programs, detecting three known vulnerabilities and two zero-day vulnerabilities. The results show our approach is practical and can be applied to large real-world software.