바이너리 기반 자동 취약점 분석 도구 구현 및 성능개선

Abstract

An automatic vulnerability analysis tool enables efficient analysis of binary code to automatically detect various types of security vulnerabilities. The dynamic binary analysis techniques used to implement these tools are more accurate than the static binary analysis techniques, but they are very resource intensive to execute and cause severe performance degradation. In particular, this performance degradation is due to the fact that all instructions affected by the input value must be traced during the analysis. In this paper, we present an automatic vulnerability analysis tool that alleviates previously introduced problems. The proposed tool implements two optimization techniques. First, it removes unnecessary operation by first identifying repeatedly executed instructions as blocks and safely removing them from analysis. Second, it implements Concolic Execution method in which only traced objects are set as symbols and included to the analysis. The proposed binary-based Concolic Execution, we claim, has another significance in providing user-friendly environment in that existing tools mandate users to understand and analyze binary code in order to efficiently use the analysis tools.