HYBit:A Hybrid Taint Analyzing Framework for Binary Programs
For the purpose of discovering security flaws in software, many dynamic and static taint analyzing techniques have been proposed.The dynamic techniques can precisely find the security flaws of the software; but it suffers from substantial runtime overhead.On the other hand, the static techniques require no runtime overhead; but it is often not accurate enough.In this paper, we propose HYBit, a novel hybrid framework which integrates dynamic and static taint analysis to diagnose the security flaws for binary programs.In the framework, the source binary is first analyzed by the dynamic taint analyzer; then, with the runtime information provided by its dynamic counterpart, the static taint analyzer can process the unexecuted part of the target program easily.Furthermore, a taint behavior filtration mechanism is proposed to optimize the performance of the framework.We evaluate our framework from three perspectives: efficiency, coverage, and effectiveness, and the results are encouraging.
Binary Taint Analysis Dynamic Analysis Static Analysis Software Haw/Vulnerability Security
Erzhou Zhu Haibing Guan Alei Liang Rongbin Xu Xuejian Li Feng Liu
Key Laboratory of Intelligent Computing and Signal Processing of Ministry of Education & School of C Shanghai Key Laboratory of Scalable Computing and Systems,Shanghai Jiao Tong University, Shanghai, C
国际会议
4th international Conference,ICSI2013(第4届群体智能国际会议)
哈尔滨
英文
232-239
2013-06-12(万方平台首次上网日期,不代表论文的发表时间)