Skip to main content
SpringerLink
Log in

Dynamic binary analyzer for scanning vulnerabilities with taint analysis

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

In this paper, we introduce an overview of a dynamic binary analyzer for scanning vulnerabilities by performing taint analysis. People have been using the traditional security programs of pattern matching technique such as anti-virus and anti-spyware to protect their computer from malicious code. These security programs, however, cannot completely scan malicious behaviors attacking through the unknown vulnerability and are hard to protect from the attacks using self-modifying code which changes its own codes during runtime. To prevent these security risks, we develop the dynamic binary analyzer that can find these unknown vulnerabilities and self-modifying code. We adopt taint analysis to find vulnerabilities that transpire during runtime. Also using taint analysis let us check what effects have been occurred to programs by the input data and how they do spread widely to across the resources in an operating system. Adopting the dynamic analysis that drives and analyzes the system only in virtual machine circumstance through the emulator can make us detect the falsification of program code in program operational process. So we describe the framework of our analyzer and then explain the execution process and output of each process by using three test case demonstrations. Furthermore, we introduce several test cases of the security vulnerability for the demonstration and explain the results of proposed analyzer on test cases. The dynamic binary analyzer for scanning vulnerabilities with taint analysis (1) can find out existed security vulnerabilities in binary file, (2) can monitor all the actions of the binary file that affects operating system and (3) can be an expandable tool through the additional security element and policy.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19
Fig. 20
Fig. 21

Similar content being viewed by others

References

  1. Bellard F (2007) QEMU open source processor emulator. QEMU. http://www.qemu.org Accessed 30 July 2013

  2. Brumley D, Jager I, Avgerinos T, Schwartz E J (2011) BAP: a binary analysis platform. In Proc: CAV 2011, LNCS, vol. 6806, Springer, Heidelberg, pp. 463–469

  3. Caballero J, Johnson NM, Kang M-G, McCamant S, Poosankam P, Song D (2010) Crash analysis with bitblaze. Blackhat, USA

    Google Scholar 

  4. Choi Y-H, Chung T-M (2013) A framework for dynamic taint analysis of binary executable file. In. Proc. ICISA 2013, Pattaya, pp. 374–375

  5. Chow J, Pfaff B, Garnkel T, Christopher K, Rosenblum M (2004) Understanding data lifetime via whole system simulation. In Proc: 13th USENIX Security Symposium, San Diego, pp. 321–336

  6. Claburn T (2009) Cyber attack code starts killing infected PCs. Information Week Government. http://www.informationweek.com/government/security/cyber-attack-code-starts-killing-infecte/218401559 Accessed 30 July 2013

  7. Clause J, Li W, Orso A (2007) Dytan: a generic dynamic taint analysis framework. In Proc: the 2007 International Symposium on Software Testing and Analysis, ACM

  8. Elinor M (2009) Botnet worm in DOS attacks could wipe data out on infected PCs. CNET News. http://news.cnet.com/8301-1009_3-10284281-83.html Accessed 30 July 2013

  9. Heo G-I, Park Y-J, Park W-H (2013) Vulnerability of information disclosure in data transfer section for constructing a safe smart work infrastructure. Multimed Tools Appl. doi:10.1007/s11042-013-1627-1

    Google Scholar 

  10. Jang Y-T, Chang S-E, Chen P-A (2013) Exploring social networking sites for facilitating multi-channel retailing. Multimed Tools Appl. doi:10.1007/s11042-013-1430-z

    Google Scholar 

  11. Kang M, McCamant S, Poosankam P, Song D (2011) DTA++: dynamic taint analysis with targeted control-flow propagation. In Proc: 18th Annual Network and Distributed System Security Symposium

  12. Martyn W (2009) UK, not North Korea, source of DDOS attacks, researcher says. Computerworld. http://www.computerworld.com/s/article/9135492/U.K._not_North_Korea_source_of_DDOS_attacks_researcher_says Accessed 30 July 2013

  13. Mayer C-B, Candan K-S, Sangam V (2004) Effects of user request patterns on a multimedia delivery system. Multimed Tools Appl 243:233–251

    Article  Google Scholar 

  14. Min J-W, Choi Y-H, Eom J-H, Chung T-M (2013) Eplicit untainting to reduce shadow memory usage and access frequency in taint analysis. In Proc: ICCSA2013, pp.195–186

  15. Newsome J, Song D (2004) Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. Technical report, School of Computer Science Carnegie Mellon University

  16. Rahbar A (2006) Stack overflow on windows vista. Sysdream. http://www.sysdream.com/sites/default/files/Stack%20overflow%20on%20Windows%20Vista.pdf Accessed 30 July 2013

  17. Scholten M (2007) Taint analysis in practice. Vrije Universiteit Amsterdam, Amsterdam, pp 1–29

    Google Scholar 

  18. Schwartz E, Avgerinos T, Brumley D (2010) All you ever wanted to know about dynamic taint analysis and forward symbolic execution. Security and Privacy (SP), 2010 I.E. Symposium, pp. 317–331

  19. Song D, Brumley D, Yin H, Caballero J, Jager I, Kang M, Liang Z, Newsome J, Poosankam P, Saxena P (2008) BitBlaze: a new approach to computer security via binary analysis. 4th International Conference on Information Systems Security (ICISS), pp. 1–25, Information Systems Security, Lecture Notes in Computer Science

  20. Sudworth J (2009) New ‘cyber attacks’ hit S Korea. BBC News. http://news.bbc.co.uk/2/hi/asia-pacific/8142282.stm Accessed 30 July 2013

  21. Urueña M, Muñoz A, Larrabeiti D (2013) Analysis of privacy vulnerabilities in single sign-on mechanisms for multimedia websites. Multimed Tools Appl. doi:10.1007/s11042-012-1155-4

    Google Scholar 

  22. Wu H-T, Hsieh W-S (2013) RSU-based message authentication for vehicular ad-hoc networks. Multimed Tools Appl 66:215–227. doi:10.1007/s11042-011-0792-3

    Article  Google Scholar 

  23. Yin H, Song D, Egele M, Kruegel C, Kirda E (2007) Panorama: capturing system-wide information flow for malware detection and analysis. Computer and Communication Security (CCS), Alexandria

    Google Scholar 

Download references

Acknowledgment

This work was supported by Priority Research Centers Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (2012-0005861).

Author information

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, Sungkyunwan University, 300 Cheoncheon-dong, Jangan-gu, Suwon-si, Gyeonggi-do, South Korea

    Young-Hyun Choi & Min-Woo Park

  2. Military Studies, Daejeon University, 62 Daehakro, Dong-Gu, Daejeon, South Korea

    Jung-Ho Eom

  3. Department of Software, Sungkyunkwan University, 300 Cheoncheon-dong, Jangan-gu, Suwon-si, Gyeonggi-do, South Korea

    Tai-Myoung Chung

Authors
  1. Young-Hyun Choi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Min-Woo Park
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jung-Ho Eom
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Tai-Myoung Chung
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tai-Myoung Chung.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Choi, YH., Park, MW., Eom, JH. et al. Dynamic binary analyzer for scanning vulnerabilities with taint analysis. Multimed Tools Appl 74, 2301–2320 (2015). https://doi.org/10.1007/s11042-014-1922-5

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-014-1922-5

Keywords

Search

Navigation