Research and development of interprocedural algorithms for defect searching in executable program code
https://doi.org/10.15514/ISPRAS-2019-31(6)-5
Abstract
Recently, more and more software companies have taken an interest in tools that improve the stability and security of their products. The closed libraries and third-party applications that developers use may contain defects, and their triggering by an attacker or an ordinary user may compromise the stability and security of the application. In some cases the source code of the problematic areas is not available at all. Static methods for finding defects in code are currently gaining popularity, since they can find defects that are out of reach for dynamic methods. Static methods are algorithms that study a static model of a program, including its call graph, control flow and data flow. For binary code, this model has to be restored from the executable file: disassembling it, recovering function boundaries, translating it into an intermediate representation, and reconstructing the call graph. Defects in modern code bases, as a rule, manifest only on a certain set of paths in the call graph, which calls for interprocedural defect-finding algorithms. The aim of this work is to develop interprocedural algorithms for finding defects in binary code that scale well, support a range of architectures, and achieve acceptable accuracy. The algorithms are developed on the basis of the ISP RAS Binside tool.
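As an added illustration of the abstract's point that defects live on particular call-graph paths (this is not code from the paper or from Binside): a constructed toy program in which one sink function is reached along two call paths, only one of them carrying unsanitized input. Analyzing each function in isolation, with parameters assumed clean, reports nothing, while carrying the taint state across call edges finds exactly the defective path. The statement forms and function names are assumptions made for the example.

```python
from typing import Dict, List, Set, Tuple

# Constructed toy program (not a real binary). Each function is a list of
# statements over local names: ("source", v) marks v attacker-controlled,
# ("sanitize", v) clears it, ("sink", v) is a dangerous use, and
# ("call", f, {param: arg}) passes caller locals into callee parameters.
PROGRAM: Dict[str, List[tuple]] = {
    "main": [
        ("source", "x"),
        ("call", "helper", {"p": "x"}),    # unsanitized: defect on this path
        ("source", "y"),
        ("call", "validate", {"q": "y"}),  # sanitized before reaching the sink
    ],
    "validate": [("sanitize", "q"), ("call", "helper", {"p": "q"})],
    "helper": [("sink", "p")],
}

Path = Tuple[str, ...]

def analyze(fn: str, tainted: Set[str], stack: List[str],
            findings: List[Path], depth: int = 8) -> None:
    """Context-sensitive walk: taint state is carried across each call edge,
    so a callee is re-examined per calling context (bounded by depth)."""
    if depth == 0:  # crude guard against unbounded recursion in cyclic graphs
        return
    tainted = set(tainted)  # per-context copy; the caller's state is untouched
    for kind, *rest in PROGRAM[fn]:
        if kind == "source":
            tainted.add(rest[0])
        elif kind == "sanitize":
            tainted.discard(rest[0])
        elif kind == "sink" and rest[0] in tainted:
            findings.append(tuple(stack + [fn]))  # record the defective call path
        elif kind == "call":
            callee, argmap = rest
            callee_taint = {p for p, a in argmap.items() if a in tainted}
            analyze(callee, callee_taint, stack + [fn], findings, depth - 1)

def interprocedural(entry: str = "main") -> List[Path]:
    findings: List[Path] = []
    analyze(entry, set(), [], findings)
    return findings

def intraprocedural() -> List[Path]:
    """Each function alone, parameters assumed clean: the defect is missed."""
    findings: List[Path] = []
    for fn in PROGRAM:
        analyze(fn, set(), [], findings, depth=1)
    return findings
```

The two paths into `helper` are distinguished only because the taint state is propagated per calling context; a single summary of `helper` with "parameter clean" would merge them and lose the finding.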
About the Authors
Grigoriy Sergeevich Ivanov
Russian Federation
Senior assistant of ISP RAS, MAI student
Pavel Michaylovich Palchikov
Russian Federation
BMSTU student
Artem Yuryevich Tarasov
Russian Federation
BMSTU student
Gleb Stanislavovich Akimov
Russian Federation
BMSTU student
Hayk Karenovich Aslanyan
Armenia
Researcher, Lecturer, Ph.D in physical and mathematical science
Vahagn Gevorgovich Vardanyan
Armenia
Researcher, Lecturer, Ph.D in technical sciences
Mariam Seropovna Arutunyan
Armenia
Researcher, Lecturer, Ph.D student
Grigor Sosovich Keropyan
Armenia
Researcher, Master student
For citations:
Ivanov G.S., Palchikov P.M., Tarasov A.Yu., Akimov G.S., Aslanyan H.K., Vardanyan V.G., Arutunyan M.S., Keropyan G.S. Research and development of interprocedural algorithms for defect searching in executable program code. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2019;31(6):89-98. (In Russ.) https://doi.org/10.15514/ISPRAS-2019-31(6)-5