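Project title: Research on Static Structured Symbolic Execution and Dynamic Combination Methods for Binary Programs
Project number: No.61502536
Project type: Young Scientists Fund project
Year of approval: 2016
Discipline: Automation technology, computer technology
Project author: Ma Jinxin (马金鑫)
Author affiliation: China Information Technology Security Evaluation Center (中国信息安全测评中心)
Funding amount: 200,000 yuan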
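Abstract (translated from Chinese): Symbolic execution is one of the research hot spots in software vulnerability analysis and has great significance and practical value in the field of network information security. Traditional symbolic execution methods have bottlenecks: static symbolic execution suffers from the non-determined reference problem, while dynamic symbolic execution suffers from low execution efficiency and low path coverage. To solve these problems, this project first proposes a static structured symbolic execution method, which searches the path layout of a binary program in a top-down manner, performs symbolic execution inside functions, and generates a function summary set and a security property set. It then focuses on several optimization techniques for dynamic symbolic execution, with improvements in path searching, execution efficiency and other aspects. Finally, it proposes a symbolic execution method in which static and dynamic execution are organically combined and verify each other: the results of static structured symbolic execution guide the dynamic symbolic execution, and the actual run-time states of dynamic symbolic execution refine the static structured symbolic execution, thereby addressing the key problems that traditional static and dynamic symbolic execution each have. On the basis of these methods, an effective and practical software vulnerability analysis tool is implemented to provide technical support for software security testing and evaluation.
Keywords (translated from Chinese): vulnerability analysis; symbolic execution; security property set; function summary set; intermediate representation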
English abstract: Symbolic execution is one of the hot spots of research on software vulnerability analysis and plays an important role in network information security. Traditional symbolic execution methods have bottlenecks: static symbolic execution has the disadvantage of non-determined references, and dynamic symbolic execution has the disadvantage of low execution efficiency and low code coverage. To solve these problems, this project proposes a novel static structural symbolic execution method, in which the routines of programs are executed symbolically in a top-down way; symbolic execution inside functions produces a function summary set and a security property set. The project then studies several optimization schemes for dynamic symbolic execution, improving path searching, execution efficiency and so on. It also proposes a combined static and dynamic symbolic execution method, in which the two verify each other, to overcome the disadvantages of traditional symbolic execution. The results produced by static symbolic execution could guide the dynamic symbolic execution, and the execution states in dynamic symbolic execution could improve the static symbolic execution. Based on the methods presented in this project, we would implement an effective and practical vulnerability analysis technique, delivering strict software testing and evaluation, which has high practical value for enhancing software security.
English keywords: Vulnerability Analysis; Symbolic Execution; Security Property Set; Function Summary Set; Intermediate Representation