İkili Yürütülebilir Uygulamalarda Arabellek Taşması Zayıflığına Neden Olan Şüpheli İkili İşlem Kod Dizilimlerinin Tespiti
Abstract
Günlük hayatımızda kullandığımız birçok
akıllı cihazı kişisel ve çevresel verilerimizle besliyor, daha işlevsel-yararlı
hale gelmelerini sağlıyoruz. İçerdikleri yazılımlar ile “akıllı” davranan bu
cihazlar çoğu zaman karar alma aşamasında bizleri yönlendirebiliyor. Günlük
hayatımızda artan “yazılım kullanma” ihtiyacı aynı zamanda saldırı yüzeyini
artırmakta ve bilinçli kullanıcılarda tedirginlik yaratabilmektedir. Bu durum
yazılımların işlevselliği kadar güvenliğini de ön plana çıkarmaktadır.
Kullandığımız yazılımın güvenlik zayıflığı içerdiğini öğrendiğimizde hızlıca ya
tamamen kullanmaktan vazgeçiyor ya da güvenlik açığı giderilmiş sürümünün
yayımlanmasını bekliyoruz. Yazılımlardaki güvenlik zayıflıklarının kullanım
öncesi tespiti hem müşteri memnuniyetini artırmakta hem de geliştiricinin
saygınlığını artırmaktadır. Bu çalışmada, ikili yürütülebilir yazılımlarda
sıkça rastlanan arabellek taşması zayıflığına neden olan şüpheli ikili işlem
kod dizilimlerinin tespitine yönelik geliştirilen yöntem ve deneysel sonuçlar
paylaşılmıştır.
References
- [1] International Organization for Standardization, "ISO/IEC TR 9126-4: Software engineering -- Product quality -- Part4: Quality in use metrics", http://www.iso.org, Son erişim tarihi: 29 Ekim 2019
- [2] International Organization for Standardization, "ISO/IEC 25010: Systems and software engineering -- Systems and software Quality Requirements and Evaluation (SQuaRE) -- System and software quality models", http://www.iso.org, Son erişim tarihi: 29 Ekim 2019
- [3] Durmuş, G. , Soğukpınar, İ ., “Makine öğrenmesi teknikleri ile ikili yürütülebilir dosyalarda arabellek taşması zayıflığı analizi için yeni bir yaklaşım”, Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi , 34 (4), 1695-1704, 2019
- [4] McGraw, G., "Software Security", IEEE Security &Privacy, vol. 2, no. 2, 2004, pp. 80-83, 2004
- [5] Baca, D.,"Developing Secure Software in an Agile Process", Doctoral Dissertation in Computer Science, Blekinge Institute of Technology, 2012
- [6] Younan, Y. , “25 Years of Vulnerabilities: 1988-2012”, Research Report, Sourcefire Crop, 2013
- [7] Younan, Y., Joosen, W., Piessens F., “Code Injection in C and C++ : A Survey of Vulnerabilities and Countermeasures”, Report CW386, 2004
- [8] Akgün, F., Buluş, E., Buluş, H.N., “Yazılım Mühendisliği Açısından Uygulamalardaki Ara Bellek Taşması Zafiyetinin İncelenmesi", Elektrik-Elektronik-Bilgisayar Mühendisliği 11. Ulusal Kongresi ve Fuarı, İstanbul-TÜRKİYE", 2005
- [9] Alhazmi, O.H., Malaiya, Y.K., Ray I., "Measuring, Analyzing and Predicting Security Vulnerabilities in Software Systems", Computers & Security (2006), doi:10.1016/j.cose.2006.10.002, 2006
- [10] Ozment, A., Schechter, S.E., “Milk or Wine: Does Software Security Improve with Age?”, In the proceedings of The Fifteenth Usenix Security Symposium, July 31 - August 4 2006: Vancouver, BC, Canada, 2004
- [11] Chess, B., McGraw, G., "Static Analysis for Security", IEEE Security &, Privacy, vol. 2, no. 6, pp. 76-79., 2004
- [12] Halkidis, S.T., Tsantalis, N., Chatzigeorgiou, A., Stephanides, G., "Architectural Risk Analysis of Software Systems Based on Security Patterns", IEEE Transactions on Dependable and Secure Computing, vol. 5, no. 3, 2008
- [13] Utku A., Doğru İ.A., "Permission based detection system for android malware", Journal of the Faculty of Engineering and Architecture of Gazi University, 32 (4), 1015-1024, 2017
- [14] Jay-Evan J. Tevis, "Automatic Detection of Software Security Vulnerabilities in Executable Program Files", Doctoral Dissertation in Computer Science, Auburn University, 2005
- [15] Tevis, Jay-Evan J. et al., "Static Analysis of Anomalies and Security Vulnerabilities in Executable Files", ACM SE'06, Mar. 10-12, 2006
- [16] D.C. DuVarney, V.N. Venkatakrishnan and S. Bhatkar, "SELF: A Transparent Security Extension for ELF Binaries", Proc. New Security Paradigms Workshop, 2003
- [17] M. Cova, V. Felmetsger, G. Banks, and G. Vigna., “Static Detection of Vulnerabilities in x86 Executables", Annual Computer Security Applications Conference (ACSAC), Miami, FL, December, 2006
- [18] Balakrishnan, G.,“WYSINWYX: What You See Is Not What You eXecute”, PhD Thesis, Computer Science Department, University of Wisconsin at Madison, August 2007
- [19] Cha, S. K., Avgerinos, T., Rebert A., Brumley, D., "Unleashing MAYHEM on Binary Code", Proceedings of the 2012 IEEE Symposium on Security and Privacy, p.380-394, May 20-25, 2012
- [20] NIST Software Assurance Reference Dataset, https://samate.nist.gov/SRD/testsuite.php, Son erişim tarihi: 29 Ekim 2019
- [21] Weka 3 - Data Mining with Open Source Machine Learning Software in Java, https://www.cs.waikato.ac.nz/ml/weka, Son erişim tarihi: 29 Ekim 2019
- [22] Aydın F., Aslan Z., "Diagnosis of neuro degenerative diseases using machine learning methods and wavelet transform", Journal of the Faculty of Engineering and Architecture of Gazi University, 32 (3), 749-766, 2017
- [23] Durmus, G., “Source Code and Data Set of The Study”, http://github.com/gdurmus/, Son erişim tarihi: 29 Ekim 2019
Detection of Suspicious OpCode Sequences Causing Buffer Overflow Vulnerabilities in Binary Executable Applications
Abstract
We
feed many smart devices that we use in our daily lives with our personal and
environmental data and make them more functional and useful. These devices, which are smart with the
software they contain, can often guide us in decision-making. The increasing
“need to use software” in our daily lives also increases the attack surface and
can create doubtfulness for privacy-conscious users. This makes the software
security as important as the functionality. When we find out that the software
we use contains security vulnerability we either quickly stop using it
completely or we are waiting for the new release of the secure version.
Detection of security weaknesses in software before use increases customer
satisfaction and developer reputation. In this study, we present a new method
and its success for detecting suspicious opcode sequences which cause buffer
overflow vulnerabilities in binary executables.
References
- [1] International Organization for Standardization, "ISO/IEC TR 9126-4: Software engineering -- Product quality -- Part4: Quality in use metrics", http://www.iso.org, Son erişim tarihi: 29 Ekim 2019
- [2] International Organization for Standardization, "ISO/IEC 25010: Systems and software engineering -- Systems and software Quality Requirements and Evaluation (SQuaRE) -- System and software quality models", http://www.iso.org, Son erişim tarihi: 29 Ekim 2019
- [3] Durmuş, G. , Soğukpınar, İ ., “Makine öğrenmesi teknikleri ile ikili yürütülebilir dosyalarda arabellek taşması zayıflığı analizi için yeni bir yaklaşım”, Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi , 34 (4), 1695-1704, 2019
- [4] McGraw, G., "Software Security", IEEE Security &Privacy, vol. 2, no. 2, 2004, pp. 80-83, 2004
- [5] Baca, D.,"Developing Secure Software in an Agile Process", Doctoral Dissertation in Computer Science, Blekinge Institute of Technology, 2012
- [6] Younan, Y. , “25 Years of Vulnerabilities: 1988-2012”, Research Report, Sourcefire Crop, 2013
- [7] Younan, Y., Joosen, W., Piessens F., “Code Injection in C and C++ : A Survey of Vulnerabilities and Countermeasures”, Report CW386, 2004
- [8] Akgün, F., Buluş, E., Buluş, H.N., “Yazılım Mühendisliği Açısından Uygulamalardaki Ara Bellek Taşması Zafiyetinin İncelenmesi", Elektrik-Elektronik-Bilgisayar Mühendisliği 11. Ulusal Kongresi ve Fuarı, İstanbul-TÜRKİYE", 2005
- [9] Alhazmi, O.H., Malaiya, Y.K., Ray I., "Measuring, Analyzing and Predicting Security Vulnerabilities in Software Systems", Computers & Security (2006), doi:10.1016/j.cose.2006.10.002, 2006
- [10] Ozment, A., Schechter, S.E., “Milk or Wine: Does Software Security Improve with Age?”, In the proceedings of The Fifteenth Usenix Security Symposium, July 31 - August 4 2006: Vancouver, BC, Canada, 2004
- [11] Chess, B., McGraw, G., "Static Analysis for Security", IEEE Security &, Privacy, vol. 2, no. 6, pp. 76-79., 2004
- [12] Halkidis, S.T., Tsantalis, N., Chatzigeorgiou, A., Stephanides, G., "Architectural Risk Analysis of Software Systems Based on Security Patterns", IEEE Transactions on Dependable and Secure Computing, vol. 5, no. 3, 2008
- [13] Utku A., Doğru İ.A., "Permission based detection system for android malware", Journal of the Faculty of Engineering and Architecture of Gazi University, 32 (4), 1015-1024, 2017
- [14] Jay-Evan J. Tevis, "Automatic Detection of Software Security Vulnerabilities in Executable Program Files", Doctoral Dissertation in Computer Science, Auburn University, 2005
- [15] Tevis, Jay-Evan J. et al., "Static Analysis of Anomalies and Security Vulnerabilities in Executable Files", ACM SE'06, Mar. 10-12, 2006
- [16] D.C. DuVarney, V.N. Venkatakrishnan and S. Bhatkar, "SELF: A Transparent Security Extension for ELF Binaries", Proc. New Security Paradigms Workshop, 2003
- [17] M. Cova, V. Felmetsger, G. Banks, and G. Vigna., “Static Detection of Vulnerabilities in x86 Executables", Annual Computer Security Applications Conference (ACSAC), Miami, FL, December, 2006
- [18] Balakrishnan, G.,“WYSINWYX: What You See Is Not What You eXecute”, PhD Thesis, Computer Science Department, University of Wisconsin at Madison, August 2007
- [19] Cha, S. K., Avgerinos, T., Rebert A., Brumley, D., "Unleashing MAYHEM on Binary Code", Proceedings of the 2012 IEEE Symposium on Security and Privacy, p.380-394, May 20-25, 2012
- [20] NIST Software Assurance Reference Dataset, https://samate.nist.gov/SRD/testsuite.php, Son erişim tarihi: 29 Ekim 2019
- [21] Weka 3 - Data Mining with Open Source Machine Learning Software in Java, https://www.cs.waikato.ac.nz/ml/weka, Son erişim tarihi: 29 Ekim 2019
- [22] Aydın F., Aslan Z., "Diagnosis of neuro degenerative diseases using machine learning methods and wavelet transform", Journal of the Faculty of Engineering and Architecture of Gazi University, 32 (3), 749-766, 2017
- [23] Durmus, G., “Source Code and Data Set of The Study”, http://github.com/gdurmus/, Son erişim tarihi: 29 Ekim 2019
Details
| Primary Language | Turkish |
|---|---|
| Subjects | Engineering |
| Journal Section | Makaleler(Araştırma) |
| Authors | |
| Publication Date | April 13, 2020 |
| Published in Issue | Year 2020 Volume: 13 Issue: 1 |
Cite
Article Acceptance
Use user registration/login to upload articles online.
The acceptance process of the articles sent to the journal consists of the following stages:
1. Each submitted article is sent to at least two referees at the first stage.
2. Referee appointments are made by the journal editors. There are approximately 200 referees in the referee pool of the journal and these referees are classified according to their areas of interest. Each referee is sent an article on the subject he is interested in. The selection of the arbitrator is done in a way that does not cause any conflict of interest.
3. In the articles sent to the referees, the names of the authors are closed.
4. Referees are explained how to evaluate an article and are asked to fill in the evaluation form shown below.
5. The articles in which two referees give positive opinion are subjected to similarity review by the editors. The similarity in the articles is expected to be less than 25%.
6. A paper that has passed all stages is reviewed by the editor in terms of language and presentation, and necessary corrections and improvements are made. If necessary, the authors are notified of the situation.
.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.