Abstract

In this paper, we present an overview of a dynamic binary analyzer that scans for vulnerabilities by performing taint analysis. People have traditionally relied on pattern-matching security programs such as anti-virus and anti-spyware to protect their computers from malicious code. These programs, however, cannot fully detect malicious behavior that exploits unknown vulnerabilities, and they struggle to protect against attacks that use self-modifying code, which changes its own code at runtime. To address these security risks, we developed a dynamic binary analyzer that can find such unknown vulnerabilities and self-modifying code. We adopt taint analysis to find vulnerabilities that manifest at runtime. Taint analysis also lets us check what effects the input data has had on a program and how those effects spread across the resources of the operating system. Because the dynamic analysis runs and analyzes the system only inside a virtual machine environment through an emulator, we can detect tampering with program code while the program is running. We describe the framework of our analyzer and then explain the execution process and the output of each stage using three test case demonstrations. Furthermore, we introduce several test cases of security vulnerabilities for the demonstration and explain the results of the proposed analyzer on these test cases. The dynamic binary analyzer for scanning vulnerabilities with taint analysis (1) can find existing security vulnerabilities in a binary file, (2) can monitor all actions of the binary file that affect the operating system, and (3) can be extended with additional security elements and policies.
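
A minimal sketch of the two checks the abstract describes, taint propagation from input data to a control-flow sink and detection of writes into the code region, follows. It is an added example and not the paper's analyzer; the toy instruction set, the CODE_END layout, the alert names and the sample program are all constructed for illustration.

```python
# Added illustration: toy register machine with taint tracking (all names assumed).
CODE_END = 16  # assumed layout: addresses below this hold program code

def run(program, user_input):
    """Run `program`, propagating taint from input; return the alerts raised."""
    regs, mem = {}, {}
    tainted = set()            # tainted registers and ("mem", addr) cells
    alerts = []
    data = list(user_input)
    for pc, (op, *a) in enumerate(program):
        if op == "input":      # input dst: untrusted source
            regs[a[0]] = data.pop(0)
            tainted.add(a[0])
        elif op == "const":    # const dst, imm: overwriting clears taint
            regs[a[0]] = a[1]
            tainted.discard(a[0])
        elif op == "add":      # add dst, src: result tainted if either operand is
            regs[a[0]] += regs[a[1]]
            if a[1] in tainted:
                tainted.add(a[0])
        elif op == "store":    # store addr_reg, src
            addr = regs[a[0]]
            if addr < CODE_END:            # program modifies its own code
                alerts.append(("code-write", pc, addr))
            mem[addr] = regs[a[1]]
            if a[1] in tainted:
                tainted.add(("mem", addr))
            else:
                tainted.discard(("mem", addr))
        elif op == "load":     # load dst, addr_reg
            addr = regs[a[1]]
            regs[a[0]] = mem.get(addr, 0)
            if ("mem", addr) in tainted:
                tainted.add(a[0])
            else:
                tainted.discard(a[0])
        elif op == "jmp":      # jmp reg: indirect branch is the sink
            if a[0] in tainted:
                alerts.append(("tainted-jump", pc, regs[a[0]]))
            break
    return alerts

SAMPLE = [  # constructed program: input flows via memory into a jump target
    ("input", "r0"), ("const", "r1", 100), ("add", "r1", "r0"),
    ("const", "r2", 200), ("store", "r2", "r1"), ("load", "r3", "r2"),
    ("const", "r4", 8), ("const", "r5", 0), ("store", "r4", "r5"),
    ("jmp", "r3"),
]
```

Calling run(SAMPLE, [4]) reports the write into the code region at instruction 8 and the input-derived jump target at instruction 9, while a program that overwrites its input with a constant before jumping raises no alert.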
