Αυτοματοποιημένη ανάλυση binary αρχείων : ανάπτυξη Script για την ανίχνευση ευπαθειών
Automated binary file analysis : developing a Script for vulnerability detection
View/
Keywords
Δυαδικά αρχεία ; Στατική ανάλυση ; Αυτοματοποιημένη αξιολόγηση ασφάλειας ; Ανίχνευση ευπαθειών ; Εργαλεία γραμμής εντολών ; Binary files ; Static analysis ; Automated security assessment ; Vulnerability detection ; Command line toolsAbstract
Despite being a problem for decades, binary exploitation remains a serious issue in computer
security. This is mainly due to the existence of memory corruption bugs in programs written in
insecure but irreplaceable programming languages, such as C and C++. Software is often written
for one specific purpose and reused for others. This often happens in the form of pre-compiled
libraries. This is certainly the case in ICS environments, where updates are rare and the cost of
downtime is high. Code reuse certainly has its benefits, such as reducing code development time
or, if the library used is open source, the advantage of being checked by many people for errors
before use. However, code reuse also has its disadvantages. For example, a code library may have
been developed many years ago and is still used in a particular project, while it may no longer be
supported and is used simply because it “works”. In addition, other old and forgotten pieces of
code may find their way into a project as the project is worked on by dierent developers. The
problem with these examples is that these pieces of code may, unbeknownst to the developers,
carry vulnerabilities with them. These vulnerabilities can, in turn, compromise the entire project.
This paper focuses on static binary analysis, with the aim of developing an automated tool that will
facilitate vulnerability detection and security assessment.