Top

Mobile Networks and Applications

Published in:

06-01-2020

Research on Intelligent Detection of Command Level Stack Pollution for Binary Program Analysis

Authors: Hui Lu, Chengjie Jin, Xiaohan Helu, Man Zhang, Yanbin Sun, Yi Han, Zhihong Tian

Published in: Mobile Networks and Applications | Issue 4/2021

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

How to efficiently and reasonably analyze binary programs has always been the primary issue in the field of software security. As for the stack, the current technology has begun to show limitations on various conditions. In this work, we will introduce a technique for intelligently detecting the stack space and operating its readable and writable area (referred to as stack pollution). We innovatively defined the concept of “stack pollution” and raised the level of analysis from byte level to instruction level: Control flow recovery and instruction promotion based on the McSema tool. The “stack pollution” technology is a process of intelligently and intact “polluting” the required research space objects, solving the three stack space constraints by modifying SEM (semantic functions) interpretation of the instructions in the promotion process.

previous article MF-CNN: a New Approach for LDoS Attack Detection Based on Multi-feature Fusion and CNN

next article ShadowFPE: New Encrypted Web Application Solution Based on Shadow DOM

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

ATZelektronik

Die Fachzeitschrift ATZelektronik bietet für Entwickler und Entscheider in der Automobil- und Zulieferindustrie qualitativ hochwertige und fundierte Informationen aus dem gesamten Spektrum der Pkw- und Nutzfahrzeug-Elektronik.

Lassen Sie sich jetzt unverbindlich 2 kostenlose Ausgabe zusenden.

inform now

ATZelectronics worldwide

ATZlectronics worldwide is up-to-speed on new trends and developments in automotive electronics on a scientific level with a high depth of information.

Order your 30-days-trial for free and without any commitment.

inform now

Wang M, Shi L, Liu L, Ahmed M, Panneerselvan J (2018) Hybrid recommendation–based quality of service prediction for sensor services [J]. Int J Distrib Sensor Netw 14:1550147718774012

Padhye R, Lemieux C, Sen K, Papadakis M, Traon YL (2019) Semantic fuzzing with zest [C]. In: ACM symposium on software testing and analysis (ISSTA’19). https://doi.org/10.1145/3293882.3330576.2019

Bohme M, Paul S (2016) A probabilistic analysis of the effificiency of automated software testing. IEEE Trans Softw Eng 42(4):345–360CrossRef

Bohme M (2019) Assurances in software testing: A roadmap. In: Proceedings of the 41st International Conference on Software Engineering, ser. ICSE 2019, pp 1–4

Li J, Huang Y, Wei Y et al (2019) Searchable symmetric encryption with forward search privacy [J]. IEEE Transactions on Dependable and Secure Computing, pp.1–1. https://doi.org/10.1109/TDSC.2019.2894411

Liu Z, Li B, Huang Y et al (2019) NewMCOS: towards a practical multi-cloud oblivious storage scheme[J]. IEEE Trans Knowl Data Eng

Tian Z, Su S, Shi W, Du X, Guizani M, Yu X (2019) A data-driven method for future internet route decision modeling. Futur Gener Comput Syst 95:212–220CrossRef

Schwartz EJ, Avgerinos T, Brumley D (2010) All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In: Proceedings of the 2010 IEEE Symposium on Security and Privacy, ser. SP ‘10. Washington, DC, USA: IEEE Computer Society, pp 317–331. [Online]. Available: https://doi.org/10.1109/SP.2010.26

Orciuoli F, Parente M (2017) An ontology-driven context-aware recommender system for indoor shopping based on cellular automata. J Ambient Intell Humaniz Comput 8:937–955CrossRef

10.

Tian Z, Li M, Qiu M, Sun Y, Su S (2019) Block-DEF: A secure digital evidence framework using Blockchain. Inf Sci 491:151–165. https://doi.org/10.1016/j.ins.2019.04.011CrossRef

11.

Prahlad A, Schwartz JA (2018) Systems and methods for performing storage operations using network attached storage: U.S. Patent Application 15/607,192[P]

12.

Tang X, Song T, Wang K et al (2019) Fine-grained access control on android through behavior monitoring[M]//advances in computer communication and computational sciences. Springer, Singapore, pp 525–532

13.

Luo X, Liu D, Wu X et al (2018) Making Userspace TCP stacks transparent to applications[C]//2018 IEEE Intl Conf on parallel & distributed processing with applications, Ubiquitous Computing & Communications, big Data & Cloud Computing, Social Computing & Networking, Sustainable Computing & Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom). IEEE, pp 651–658

14.

Davi L, Liebchen C, Sadeghi AR et al (2015) Isomeron: code randomization resilient to (just-in-time) return-oriented programming[C]//NDSS

15.

Chen T, Feng Y, Lin X et al (2018) DBAF: dynamic binary analysis framework and its applications[C]//international conference on network and system security. Springer, Cham, 361–375

16.

Liu Z, Huang Y, Li J et al (2018) DivORAM: towards a practical oblivious RAM with variable block size[J]. Inf Sci 447:1–11CrossRef

17.

The LLVM Compiler Infrastructure. https://llvm.org/docs/GettingStarted.html

18.

Bohme M, Pham V-T, Nguyen M-D, Roychoudhury A (2017) Directed greybox fuzzing. In: Proceedings of the ACM SIGSAC conference on computer and communications security (CCS)

19.

Tian Z, Gao X, Su S, Qiu J, Du X, Guizani M (2019) Evaluating reputation management schemes of internet of vehicles based on evolutionary game theory. IEEE Trans Veh Technol 68(6):5971–5980CrossRef

20.

Tian Z, Shi W, Wang Y, Zhu C, Du X, Su S, Sun Y, Guizani N (2019) Real time lateral movement detection based on evidence reasoning network for edge computing environment. IEEE Transactions on Industrial Informatics 15(7):4285–4294CrossRef

21.

Bao T, Wang R, Shoshitaishvili Y et al (2017) Your exploit is mine: automatic shellcode transplant for remote exploits[C]//2017 IEEE symposium on security and privacy (SP). IEEE, pp 824–839

22.

Hori A, Si M, Gerofi B et al (2018) Process-in-process: techniques for practical address-space sharing[C]//Proceedings of the 27th international symposium on high-performance parallel and distributed computing. ACM, pp 131–143

23.

Cowan C, Pu C, Maier D, Hinton H, Walpole J, Bakke P, Beattie S, Grier A, Wagle P, Zhang Q (1997) StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. Presented at the proceedings of the 7th USENIX Security Symposium, San Antonio, Texas, vol 81, pp 346–355

24.

‘/GS’-Buffer security check. Microsoft. https://msdn.microsoft.com/zh-cn/windows/desktop/8dbf701c

25.

Prasad M, Chiueh T-C (2003) A Binary Rewriting Defense Against Stack based Buffer Overflow Attacks. Presented at the Proceedings of the Grneral Track: 2003 USENIX annual technical conference, San Anonio, Texas, USA, pp 211–224

26.

Abadi M, Budiu M, Erlingsson Ú, Ligatti J (2005) Control-flow integrity,” presented at the the 12th ACM conference on Computer and Communication Security (CCS’05), New York, New York, USA, p 340

27.

Dang THY, Maniatis P, Wagner D (2015) The performance cost of shadow stacks and stack canaries[C]//Proceedings of the 10th ACM symposium on information, computer and communications security. ACM, pp 555–566

28.

Bohme M, Pham V-T, Roychoudhury A (2016) Coverage-based greybox fuzzing as markov chain. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS), pp 1032–1043

29.

Gan S, Zhang C, Qin X, Tu X, Li K, Pei Z, Chen Z. Collafl: Path sensitive fuzzing. In: 2018 IEEE Symposium on Security and Privacy (SP), vol 00, pp 660–677

30.

Godefroid P, Peleg H, Singh R (2017) Learn&fuzz: machine learning for input fuzzing. In: 32nd IEEE/ACM international conference on automated software engineering (ASE)

31.

Dolan-Gavitt B, Hulin P, Kirda E, Leek T, Mambretti A, Robertson WK, Ulrich F, Whelan R (2016) LAVA: large-scale automated vulnerability addition. In: IEEE Symposium on Security and Privacy. IEEE Computer Society, pp 110–121

32.

Qiu J, Du L, Zhang D, Su S, Tian Z (2019) Nei-TTE: intelligent traffic time estimation based on fine-grained time derivation of road segments for smart city. IEEE Transactions on Industrial Informatics. https://doi.org/10.1109/TII.2019.2943906

Title: Research on Intelligent Detection of Command Level Stack Pollution for Binary Program Analysis
Authors: Hui Lu
Chengjie Jin
Xiaohan Helu
Man Zhang
Yanbin Sun
Yi Han
Zhihong Tian
Publication date: 06-01-2020
Publisher: Springer US
Published in: Mobile Networks and Applications / Issue 4/2021
Print ISSN: 1383-469X
Electronic ISSN: 1572-8153
DOI: https://doi.org/10.1007/s11036-019-01507-0

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

ATZelektronik

ATZelectronics worldwide

Other articles of this Issue 4/2021

A Reliable Link-Adaptive Position-Based Routing Protocol for Flying ad hoc Network

An Efficient Bounded Model Checking Approach for Web Service Composition

ShadowFPE: New Encrypted Web Application Solution Based on Shadow DOM

Intrusion Detection System for IoT Heterogeneous Perceptual Network

Malware Detection Based on Multi-level and Dynamic Multi-feature Using Ensemble Learning at Hypervisor

An Efficient Scheme of Cloud Data Assured Deletion