Journal of Information Security Reserach ›› 2023, Vol. 9 ›› Issue (4): 364-.

Previous Articles     Next Articles

Research on Loop Security Problem in Binary Programs


  • Online:2023-04-01 Published:2023-03-30



  1. (中国信息安全测评中心北京100085)

Abstract: Loop is a common structure in programs and improperly using loop is one of the most important reasons resulting in security problems, making detecting loop security problem is important and valuable. As the path state explosion and loop modeling problems in binary code, statically analyzing of loop security is extremely challenging, and traditional methods are unable to solve these problem. In this paper, we proposed a detecting method for loop security problems based on binary static analyzing,having the ability of detecting out of bound memory access in loop and infinite loop problem. Firstly, we present an accurate extracting and recovering method of loop factors in binary based on analyzing of loop structure and then multiple path explore strategies are utilized to solving the path state explosion and sorting problem. Moreover, we propose a function summary method based on static concrete execution to solving constraints growing problem caused by induction function invoking in loops. Finally, we proposed an inductive analysis method based on loop predicates to detect insecure loop in binary. We have applied our methods on ten real world programs and compared with Angr. The experimental results turn out that our method is capable of detecting more loop problems than Angr.

Key words: loop security, static analysis, symbolic execution, path searching, induction function

摘要: 循环是软件程序中的常见结构,对循环使用不当是造成程序安全问题的重要因素之一,循环安全问题检测对提升软件安全性具有重要意义.在二进制程序中,路径状态爆炸、循环建模等问题使得针对循环安全性的静态分析面临诸多挑战,传统方法对这些问题的处理能力相对不足.提出并实现了一种基于二进制程序静态分析的循环安全问题检测方法,能够对循环内存读写越界与循环不终止问题进行检测.首先,对二进制程序中的循环结构进行分析,提出一种基于控制流图的循环要素识别与提取方法;接着,提出专用于循环分析的多种路径搜索策略,对循环从入口到出口的路径进行排序与探测;然后,提出一种基于静态具体执行的函数建模方法,可有效解决循环中归纳函数调用引发的约束扩张问题.最后,提出一种循环谓词差分归纳分析方法检测二进制程序中由循环引发的安全问题.将该检测方法应用到真实程序中并与Angr作对比实验,结果表明该方法在循环安全问题检测方面具备较强的检测能力,可检测的循环安全问题数比Angr更多.

关键词: 循环安全, 静态分析, 符号执行, 路径搜索, 归纳函数

CLC Number: