减少闭源软件中的漏洞

Zhen Huang, Gang Tan, Xiaowei Yu
{"title":"减少闭源软件中的漏洞","authors":"Zhen Huang, Gang Tan, Xiaowei Yu","doi":"10.4108/eetss.v8i30.253","DOIUrl":null,"url":null,"abstract":"Many techniques have been proposed to harden programs with protection mechanisms to defend against vulnerability exploits. Unfortunately the vast majority of them cannot be applied to closed source software because they require access to program source code. This paper presents our work on automatically hardening binary code with security workarounds, a protection mechanism that prevents vulnerabilities from being triggered by disabling vulnerable code. By working solely with binary code, our approach is applicable to closed source software. To automatically synthesize security workarounds, we develop binary program analysis techniques to identify existing error handling code in binary code, synthesize security workarounds in the form of binary code, and instrument security workarounds into binary programs. We designed and implemented a prototype or our approach for Windows and Linux binary programs. Our evaluation shows that our approach can apply security workarounds to an average of 69.3% of program code and the security workarounds successfully prevents exploits to trigger real-world vulnerabilities.","PeriodicalId":335727,"journal":{"name":"EAI Endorsed Trans. Security Safety","volume":"50 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-08-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Mitigating Vulnerabilities in Closed Source Software\",\"authors\":\"Zhen Huang, Gang Tan, Xiaowei Yu\",\"doi\":\"10.4108/eetss.v8i30.253\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Many techniques have been proposed to harden programs with protection mechanisms to defend against vulnerability exploits. Unfortunately the vast majority of them cannot be applied to closed source software because they require access to program source code. This paper presents our work on automatically hardening binary code with security workarounds, a protection mechanism that prevents vulnerabilities from being triggered by disabling vulnerable code. By working solely with binary code, our approach is applicable to closed source software. To automatically synthesize security workarounds, we develop binary program analysis techniques to identify existing error handling code in binary code, synthesize security workarounds in the form of binary code, and instrument security workarounds into binary programs. We designed and implemented a prototype or our approach for Windows and Linux binary programs. Our evaluation shows that our approach can apply security workarounds to an average of 69.3% of program code and the security workarounds successfully prevents exploits to trigger real-world vulnerabilities.\",\"PeriodicalId\":335727,\"journal\":{\"name\":\"EAI Endorsed Trans. Security Safety\",\"volume\":\"50 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-08-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"EAI Endorsed Trans. Security Safety\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4108/eetss.v8i30.253\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"EAI Endorsed Trans. Security Safety","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4108/eetss.v8i30.253","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

已经提出了许多技术,通过保护机制来强化程序,以防御漏洞利用。不幸的是,它们中的绝大多数不能应用于闭源软件,因为它们需要访问程序源代码。本文介绍了我们在使用安全解决方案自动强化二进制代码方面的工作,这是一种保护机制,可以防止通过禁用易受攻击的代码来触发漏洞。通过单独处理二进制代码,我们的方法适用于闭源软件。为了自动合成安全解决方案,我们开发了二进制程序分析技术,以识别二进制代码中存在的错误处理代码,以二进制代码的形式合成安全解决方案,并将安全解决方案导入二进制程序。我们为Windows和Linux二进制程序设计并实现了我们的方法的原型。我们的评估表明,我们的方法可以对平均69.3%的程序代码应用安全解决方案,并且安全解决方案成功地阻止了触发现实世界漏洞的攻击。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Mitigating Vulnerabilities in Closed Source Software
Many techniques have been proposed to harden programs with protection mechanisms to defend against vulnerability exploits. Unfortunately the vast majority of them cannot be applied to closed source software because they require access to program source code. This paper presents our work on automatically hardening binary code with security workarounds, a protection mechanism that prevents vulnerabilities from being triggered by disabling vulnerable code. By working solely with binary code, our approach is applicable to closed source software. To automatically synthesize security workarounds, we develop binary program analysis techniques to identify existing error handling code in binary code, synthesize security workarounds in the form of binary code, and instrument security workarounds into binary programs. We designed and implemented a prototype or our approach for Windows and Linux binary programs. Our evaluation shows that our approach can apply security workarounds to an average of 69.3% of program code and the security workarounds successfully prevents exploits to trigger real-world vulnerabilities.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信