Binary program taint analysis optimization method based on function summary
Taint analysis is a popular software analysis method, which has been widely used in the field of information security.Most of the existing binary program dynamic taint analysis frameworks use instruction-level instrumentation analysis methods, which usually generate huge performance overhead and red...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2023-04-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023026 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841529700320542720 |
|---|---|
| author | Pan YANG Fei KANG Hui SHU Yuyao HUANG Xiaoshao LYU |
| author_facet | Pan YANG Fei KANG Hui SHU Yuyao HUANG Xiaoshao LYU |
| author_sort | Pan YANG |
| collection | DOAJ |
| description | Taint analysis is a popular software analysis method, which has been widely used in the field of information security.Most of the existing binary program dynamic taint analysis frameworks use instruction-level instrumentation analysis methods, which usually generate huge performance overhead and reduce the program execution efficiency by several times or even dozens of times.This limits taint analysis technology’s wide usage in complex malicious samples and commercial software analysis.An optimization method of taint analysis based on function summary was proposed, to improve the efficiency of taint analysis, reduce the performance loss caused by instruction-level instrumentation analysis, and make taint analysis to be more widely used in software analysis.The taint analysis method based on function summary used function taint propagation rules instead of instruction taint propagation rules to reduce the number of data stream propagation analysis and effectively improve the efficiency of taint analysis.For function summary, the definition of function summary was proposed.And the summary generation algorithms of different function structures were studied.Inside the function, a path-sensitive analysis method was designed for acyclic structures.For cyclic structures, a finite iteration method was designed.Moreover, the two analysis methods were combined to solve the function summary generation of mixed structure functions.Based on this research, a general taint analysis framework called FSTaint was designed and implemented, consisting of a function summary generation module, a data flow recording module, and a taint analysis module.The efficiency of FSTaint was evaluated in the analysis of real APT malicious samples, where the taint analysis efficiency of FSTaint was found to be 7.75 times that of libdft, and the analysis efficiency was higher.In terms of accuracy, FSTaint has more accurate and complete propagation rules than libdft. |
| format | Article |
| id | doaj-art-57663071975e4e948ec96ff974f73b34 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2023-04-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-57663071975e4e948ec96ff974f73b342025-01-15T03:16:21ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2023-04-01911513159576250Binary program taint analysis optimization method based on function summaryPan YANGFei KANGHui SHUYuyao HUANGXiaoshao LYUTaint analysis is a popular software analysis method, which has been widely used in the field of information security.Most of the existing binary program dynamic taint analysis frameworks use instruction-level instrumentation analysis methods, which usually generate huge performance overhead and reduce the program execution efficiency by several times or even dozens of times.This limits taint analysis technology’s wide usage in complex malicious samples and commercial software analysis.An optimization method of taint analysis based on function summary was proposed, to improve the efficiency of taint analysis, reduce the performance loss caused by instruction-level instrumentation analysis, and make taint analysis to be more widely used in software analysis.The taint analysis method based on function summary used function taint propagation rules instead of instruction taint propagation rules to reduce the number of data stream propagation analysis and effectively improve the efficiency of taint analysis.For function summary, the definition of function summary was proposed.And the summary generation algorithms of different function structures were studied.Inside the function, a path-sensitive analysis method was designed for acyclic structures.For cyclic structures, a finite iteration method was designed.Moreover, the two analysis methods were combined to solve the function summary generation of mixed structure functions.Based on this research, a general taint analysis framework called FSTaint was designed and implemented, consisting of a function summary generation module, a data flow recording module, and a taint analysis module.The efficiency of FSTaint was evaluated in the analysis of real APT malicious samples, where the taint analysis efficiency of FSTaint was found to be 7.75 times that of libdft, and the analysis efficiency was higher.In terms of accuracy, FSTaint has more accurate and complete propagation rules than libdft.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023026function summarytaint analysisdata flow analysisFSTaint |
| spellingShingle | Pan YANG Fei KANG Hui SHU Yuyao HUANG Xiaoshao LYU Binary program taint analysis optimization method based on function summary 网络与信息安全学报 function summary taint analysis data flow analysis FSTaint |
| title | Binary program taint analysis optimization method based on function summary |
| title_full | Binary program taint analysis optimization method based on function summary |
| title_fullStr | Binary program taint analysis optimization method based on function summary |
| title_full_unstemmed | Binary program taint analysis optimization method based on function summary |
| title_short | Binary program taint analysis optimization method based on function summary |
| title_sort | binary program taint analysis optimization method based on function summary |
| topic | function summary taint analysis data flow analysis FSTaint |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023026 |
| work_keys_str_mv | AT panyang binaryprogramtaintanalysisoptimizationmethodbasedonfunctionsummary AT feikang binaryprogramtaintanalysisoptimizationmethodbasedonfunctionsummary AT huishu binaryprogramtaintanalysisoptimizationmethodbasedonfunctionsummary AT yuyaohuang binaryprogramtaintanalysisoptimizationmethodbasedonfunctionsummary AT xiaoshaolyu binaryprogramtaintanalysisoptimizationmethodbasedonfunctionsummary |