Survey on application of binary reverse analysis in detecting software supply chain pollution

doi:10.11772/j.issn.1001-9081.2019071245

Journal of Computer Applications ›› 2020, Vol. 40 ›› Issue (1): 103-115.DOI: 10.11772/j.issn.1001-9081.2019071245

• Cyber security • Previous Articles Next Articles

Survey on application of binary reverse analysis in detecting software supply chain pollution

WU Zhenhua^1,2, ZHANG Chao², SUN He^2,3, YAN Xuexiong¹

1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University of PLA Strategic Support Force, Zhengzhou Henan 450001, China;
2. Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China;
3. College of Command and Control Engineering, Army Engineering University of PLA, Nanjing Jiangsu 210007, China

Received:2019-07-18 Revised:2019-08-31 Online:2020-01-10 Published:2019-09-19
Supported by:
This work is partially supported by the Joint Funds of the National Natural Science Foundation of China (U1736209, 61772308), the National Key Research and Development Program of China (2017YFB0802900).

程序逆向分析在软件供应链污染检测中的应用研究综述

武振华^1,2, 张超², 孙贺^2,3, 颜学雄¹

1. 战略支援部队信息工程大学数学工程与先进计算国家重点实验室, 郑州 450001;
2. 清华大学网络科学与网络空间研究院, 北京 100084;
3. 陆军工程大学指挥控制工程学院, 南京 210007

通讯作者: 张超
作者简介:武振华(1989-),男,山东枣庄人,硕士研究生,主要研究方向:软件供应链安全、恶意代码分析;张超(1986-),男,湖北黄冈人,副教授,博士,CCF会员,主要研究方向:软件与系统安全、物联网与区块链应用安全、软件分析技术、AI与安全;孙贺(1990-),男,黑龙江齐齐哈尔人,博士研究生,主要研究方向:逆向工程、恶意代码分析;颜学雄(1975-),男,湖南耒阳人,副教授,博士,主要研究方向:Web应用漏洞挖掘、Web应用渗透测试。
基金资助:
国家自然科学基金联合基金资助项目（U1736209，61772308）；国家重点研发计划项目（2017YFB0802900）。

Abstract

Abstract: In recent years, Software Supply Chain (SSC) security issues have frequently occurred, which has brought great challenges to software security research. Since there are millions of new software released every day, it is essential to detect the pollution of SSC automatically. The problem of SSC pollution was first analyzed and discussed. Then focusing on the requirements of pollution detection in the downstream of SSC, the automatic program reverse analysis methods and their applications in the SSC pollution detection was introduced. Finally, the shortcomings and challenges faced by the existing technologies in solving the problem of SSC pollution was summarized and analyzed, and some researches worth studying to overcome these challenges were pointed out.

Key words: Software Supply Chain (SSC), pollution detection, reverse engineering analysis, software security

摘要： 近年来软件供应链（SSC）安全问题频发，给软件安全研究带来了巨大挑战。在每天新发布的海量软件的情况下，自动化SSC污染检测变得非常重要。首先剖析和阐述了SSC污染检测问题，之后着眼于在SSC下游开展污染检测的需求，详细介绍了程序逆向分析技术及其在SSC污染检测中的应用，最后总结分析了现有技术在SSC污染检测任务中存在的不足与挑战，给出了克服这些挑战的若干值得研究的课题。

关键词: 软件供应链, 污染检测, 程序逆向分析, 软件安全

CLC Number:

TP309

WU Zhenhua, ZHANG Chao, SUN He, YAN Xuexiong. Survey on application of binary reverse analysis in detecting software supply chain pollution[J]. Journal of Computer Applications, 2020, 40(1): 103-115.

武振华, 张超, 孙贺, 颜学雄. 程序逆向分析在软件供应链污染检测中的应用研究综述[J]. 计算机应用, 2020, 40(1): 103-115.

References

[1] 周振飞. 软件供应链污染机理与防御研究[D]. 北京:北京邮电大学, 2018:2-20. (ZHOU Z F. Research on software supply chain contamination mechanism and defense technology[D]. Beijing:Beijing University of Posts and Telecommunications, 2018:2-20.)
[2] 中国信息安全期刊编辑部. 纵深话题:软件供应链安全风险解析[J]. 中国信息安全, 2018(11):42-43. (Editorial Department of China Information Security. In-depth topic:software supply chain security risk analysis[J]. China Information Security, 2018(11):42-43.)
[3] 邹维,霍玮,刘奇旭. 确保软件供应链安全是一项系统工程[J]. 中国信息安全, 2018(11):58-60. (ZOU W, HUO W, LIU Q X. Ensuring software supply chain security is a system engineering[J]. China Information Security, 2018, 11(1):58-60.)
[4] CHESS B, MCGRAW G. Static analysis for security[J]. IEEE Security and Privacy, 2004, 2(6):76-79.
[5] EGELE M, SCHOLTE T, KIRDA E, et al. A survey on automated dynamic malware-analysis techniques and tools[J]. ACM Computing Surveys, 2012, 44(2):No.6.
[6] BALDONI R, COPPA E, D'ELIA D C, et al. A survey of symbolic execution techniques[J]. ACM Computing Surveys, 2018, 51(3):No.50.
[7] GANDOTRA E, BANSAL D, SOFAT S. Malware analysis and classification:a survey[J]. Journal of Information Security, 2014, 5(2):56-64.
[8] 陈波. 软件供应链的文献综述[J]. 科协论坛, 2008(10):75-75. (CHEN B. A survey of software supply chain[J]. Science and Technology Association Forum, 2008(10):75-75.)
[9] 360互联网安全中心. 中国政企软件供应链攻击现状分析报告[EB/OL].[2019-05-14]. http://zt.360.cn/1101061855.php?dtid=1101062514&did=490729600.(360 Internet Security Center. China government and enterprise software supply chain attack status analysis report[EB/OL].[2019-05-14]. http://zt.360.cn/1101061855.php?dtid=1101062514&did=490729600.)
[10] 祝国邦,陈洁. 软件供应链安全现状与对策建议[J]. 中国信息安全, 2018(11):44-47. (ZHU G B, CHEN J. The status quo of software supply chain security and countermeasures[J]. China Information Security, 2018(11):44-47.)
[11] 张健,张超,玄跻峰,等. 程序分析研究进展[J]. 软件学报, 2019, 30(1):80-109. (ZHANG J, ZHANG C, XUAN J F, et al. Recent progress in program analysis[J]. Journal of Software, 2019, 30(1):80-109.)
[12] 李舟军,张俊贤,廖湘科,等. 软件安全漏洞检测技术[J]. 计算机学报, 2015, 38(4):717-732. (LI Z J, ZHANG J X, LIAO X K, et al. Survey of software vulnerability detection techniques[J]. Chinese Journal of Computers, 2015, 38(4):717-732.)
[13] 安天实验室. Xcode非官方版本恶意代码污染事件(XcodeGhost)的分析与综述[EB/OL].[2019-07-15]. https://www.antiy.com/response/xcodeghost.html.(Antiy Lab. Analysis and survey of Xcode unofficial version malicious code pollution incident (XcodeGhost)[EB/OL].[2019-07-15]. https://www.antiy.com/response/xcodeghost.html.)
[14] 360天眼实验室. Xshell被植入后门代码事件分析报告(完整版)[EB/OL].[2019-07-18]. https://www.anquanke.com/post/id/86655. (360 Tianyan Lab. Xshell implanted with backdoor code event analysis report (full version)[EB/OL].[2019-07-18]. https://www.anquanke.com/post/id/86655.)
[15] URAD N B. skcsirt-sa-20170909-pypi[EB/OL].[2019-07-15]. https://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/.
[16] Alpha_h4ck. 针对密币交易所gate.io的供应链攻击技术分析[EB/OL].[2019-07-15]. https://www.freebuf.com/articles/web/191959.html.(Alpha_h4ck. Analysis of supply chain attack techniques for the crypto currency exchange gate.io[EB/OL].[2019-07-15]. https://www.freebuf.com/articles/web/191959.html.)
[17] 火绒安全. "净广大师"病毒HTTPS劫持技术深度分析[EB/OL].[2019-07-15]. http://www.huorong.cn/info/148230103656.html. (HuoRong BoRui. Depth analysis of the "JingGuangDaShi" virus HTTPS hijacking technology[EB/OL].[2019-07-15]. http://www.huorong.cn/info/148230103656.html.)
[18] 火绒安全. 百度旗下网站暗藏恶意代码——劫持用户电脑疯狂"收割"流量[EB/OL].[2019-07-15]. http://www.huorong.cn/info/148826116759.html?utm_sources=landian.la. (HuoRong BoRui. Baidu's websites hide malicious code-hijacking users' computer and crazily "harvesting" traffic[EB/OL].[2019-07-15]. http://www.huorong.cn/Info/148826116759.html?utm_sources=landian.la.)
[19] 腾讯电脑管家. "异鬼Ⅱ"Bootkit木马详细分析[EB/OL].[2019-07-15]. https://www.freebuf.com/articles/web/141633.html. (Tencent PC Manager. Detailed analysis of "Hidden Ghost Ⅱ" Bootkit trojan[EB/OL].[2019-07-15]. https://www.freebuf.com/articles/web/141633.html.)
[20] 360烽火实验室. 关于"WireX Botnet"事件Android样本分析报告[EB/OL].[2019-07-15]. http://blogs.360.cn/post/analysis_of_wirex_botnet.html. (360 Campfire Lab. Android sample analysis report about the "WireX Botnet" event[EB/OL].[2019-07-15]. http://blogs.360.cn/post/analysis_of_wirex_botnet.html.)
[21] 安全客. 史上反侦察力最强木马"隐魂":撑起色情播放器百万推广陷阱[EB/OL].[2019-07-15]. https://www.anquanke.com/post/id/86600.(AnQuanKe. The most anti-reconnaissance trojan in the history "YinHun":support the porn player million promotion trap[EB/OL].[2019-07-15]. https://www.anquanke.com/post/id/86600.)
[22] 360安全卫士. 老毛桃PE盘工具木马:一款"通杀"浏览器的主页劫持大盗[EB/OL].[2019-07-15]. http://bobao.360.cn/interref/detail/207.html.(360 Security. LaoMaoTao PE disk tool trojan:a "pass kill" browser home page hijacking thief[EB/OL].[2019-07-15]. http://bobao.360.cn/interref/detail/207.html.)
[23] 珠海猎豹团队. 揭秘"驱魔"家族:全国最大的暗刷僵尸网络上线了[EB/OL].[2019-07-15]. https://www.freebuf.com/articles/system/192275.html.(Zhuhai Cheetah Team. Demystifying the "QuMo" family:the national largest dark-brushed botnet is online[EB/OL].[2019-07-15]. https://www.freebuf.com/articles/system/192275.html.)
[24] 火绒安全. 知名商业软件"喂养"病毒产业链:"Toxik"病毒追踪[EB/OL].[2019-07-15]. http://www.huorong.cn/info/146855435236.html.(HuoRong BoRui. Well-known commercial software "feeding" virus industry chain:"Toxik" virus tracking[EB/OL].[2019-07-15]. http://www.huorong.cn/info/146855435236.html.)
[25] 360安全卫士. 网络"投毒"系列报告:全国多省软件升级劫持攻击事件数据分析[EB/OL].[2019-07-15]. http://bobao.360.cn/interref/detail/192.html.(360 Security. Network "poisoning" series report:data analysis of software upgrade hijacking attacks in many provinces[EB/OL].[2019-07-15]. http://bobao.360.cn/interref/detail/192.html.)
[26] 360安全监测与响应中心. Petya0627勒索病毒安全预警通告(第四次更新)[EB/OL].[2019-07-15]. http://bobao.360.cn/interref/detail/183.html.(360 Computer Emergency Readiness Team. Petya0627 blackmail virus security alert notice (fourth update)[EB/OL].[2019-07-15]. http://bobao.360.cn/Interref/detail/183.html.)
[27] 奇安信威胁情报中心. 深入分析CCleaner后门代码-编译环境污染类的供应链攻击案例[EB/OL].[2019-07-15]. https://www.freebuf.com/articles/system/149009.html.(QiAnXin Threat Intelligence Center. In-depth analysis of CCleaner backdoor code-build environmental pollution category supply chain attack case[EB/OL].[2019-07-15]. https://www.freebuf.com/articles/system/149009.html.)
[28] 珠海猎豹团队. "暗流Ⅱ"再次席卷:多玩旗下"游戏盒子"疑遭供应链攻击[EB/OL].[2019-07-15]. https://www.freebuf.com/articles/paper/195669.html.(Zhuhai Cheetah Team. "AnLiu Ⅱ" sweep again:DuoWan's "game box" may being suffered from the supply chain attacks[EB/OL].[2019-07-15]. https://www.Freebuf.com/articles/paper/195669.html.)
[29] 深圳市驱动人生科技股份有限公司. 关于驱动人生升级模块被黑客利用事件经过说明[EB/OL].[2019-07-15]. https://www.160.com/notice1219.html. (Shenzhen Drive the Life Technology Co., Ltd. Explanation of the process of the Drive the Life upgrade module being used by hackers[EB/OL].[2019-07-15]. https://www.160.com/notice1219.html.)
[30] 黑鸟威胁情报中心. ShaHmer行动:疑似华X电脑公司遭受有针对性的供应链攻击[EB/OL].[2019-07-15]. https://www.freebuf.com/column/199236.html.(Blackbird Threat Intelligence Center. ShaHmer operation:Hua X computer companymay of being suffered from targeted supply chain attacks[EB/OL].[2019-07-15]. https://www.freebuf.com/column/199236.html.)
[31] CLULEY G. Poisoned PEAR. PHP extension repository download infected for up to six months[EB/OL].[2019-07-15]. https://www.grahamcluley.com/poisoned-pear-php-extension-repository-download-infected-for-up-to-six-months/.
[32] 360安全. "灵隐"木马黑吃灰:绑架数十款游戏外挂实现恶意推广[EB/OL].[2019-07-15]. https://www.freebuf.com/articles/system/143461.html.(360 Security. "Lingyin" trojan eat gray as a black:kidnapping dozens of game plug-ins for malicious promotion[EB/OL].[2019-07-15]. https://www.freebuf.com/articles/system/143461.html.)
[33] 瘦蛟舞,蒸米. 比葫芦娃还可怕的百度全系APP SDK漏洞-WormHole虫洞漏洞分析报告[EB/OL].[2019-07-15]. https://www.anquanke.com/post/id/82828.(SHOU J W, ZHEN M. Baidu full APP SDK vulnerabilities are more horrible than Hulu-Brothers-WormHole vulnerability analysis report[EB/OL].[2019-07-15]. https://www.anquanke.com/post/id/82828.)
[34] 火绒安全. 恶性病毒Kuzzle "攻破"安全厂商白名单[EB/OL].[2019-07-15]. http://down4.huorong.cn/doc/kuzzle.pdf.(HuoRong BoRui. The vicious virus Kuzzle "breaks out" the whitelist of security vendors[EB/OL].[2019-07-15]. http://down4.huorong.cn/doc/kuzzle.pdf.)
[35] Hex-Rays. Homepage of Hex-Rays[EB/OL].[2019-05-05]. https://www.hex-rays.com/index.shtml.
[36] SCHWARZ B, DEBRAY S, ANDREWS G. Disassembly of executable code revisited[C]//Proceedings of the 9th Working Conference on Reverse Engineering. Piscataway:IEEE, 2002:45-54.
[37] EAGLE C. The IDA Pro Book:The Unofficial Guide to the World's Most Popular Disassembler[M]. San Francisco:No Starch Press, 2011:236-348.
[38] QUYNH N A. Capstone:next-gen disassembly framework[J]. Black Hat USA, 2014, 5(2):3-8.
[39] Binary Ninja. Homepage of Binary Ninja[EB/OL].[2019-07-18]. https://binary.ninja/.
[40] National Security Agency. Ghidra[EB/OL].[2019-06-18]. https://github.com/NationalSecurityAgency/ghidra.
[41] BUROW N, CARR S A, NASH J, et al. Control-flow integrity:precision, security, and performance[J]. ACM Computing Surveys, 2017, 50(1):No.16.
[42] SU T, WU K, MIAO W, et al. A survey on data-flow testing[J]. ACM Computing Surveys, 2017, 50(1):No.5.
[43] GUILFANOV I. Fast library identification and recognition technology[EB/OL].(2015-04-09)[2019-06-15]. https://www.hex-rays.com/products/ida/tech/flirt/in_depth.shtml.
[44] VISSER W, HAVELUND K, BRAT G, et al. Model checking programs[J]. Automated Software Engineering, 2003, 10(2):203-232.
[45] SCHWARTZ E J, AVGERINOS T, BRUMLEY D. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask)[C]//Proceedings of the 2010 IEEE Symposium on Security and Privacy. Piscataway:IEEE, 2010:317-331.
[46] DE MOURA L, RNER N. Z3:an efficient SMT solver[C]//Proceedings of the 2008 International Conference on Tools and Algorithms for the Construction and Analysis of Systems, LNCS 4963. Berlin:Springer, 2008:337-340.
[47] CADAR C, DUNBAR D, ENGLER D. KLEE:unassisted and automatic generation of high-coverage tests for complex systems programs[C]//Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation. Berkeley, CA:USENIX Association, 2008:209-224.
[48] Microsoft. C run-time library reference[EB/OL].[2017-04-23]. https://docs.microsoft.com/en-us/cpp/c-runtime-library/c-run-time-library-reference?view=vs-2019.
[49] BANIA P. Generic unpacking of self-modifying, aggressive, packed binary programs[J]. Computer Science, 2009, 9(5):45-81.
[50] DEBRAY S, PATEL J. Reverse engineering self-modifying code:unpacker extraction[C]//Proceedings of the 17th Working Conference on Reverse Engineering. Piscataway:IEEE, 2010:131-140.
[51] HEO K, OH H, YANG H, et al. Adaptive static analysis via learning with bayesian optimization[J]. ACM Transactions on Programming Languages and Systems, 2018, 40(4):No.14.
[52] JEONG S, JEON M, CHA S, et al. Data-driven context-sensitivity for points-to analysis[J]. Proceedings of the ACM on Programming Languages, 2017, 1(OOPSLA):No.100.
[53] KANG M G, POOSANKAM P, YIN H. Renovo:a hidden code extractor for packed executables[C]//Proceedings of the 2007 ACM Workshop on Recurring Malcode. New York:ACM, 2007:46-53.
[54] MARTIGNONI L, CHRISTODORESCU M, JHA S. OmniUnpack:fast, generic, and safe unpacking of malware[C]//Proceedings of the 23rd Conference on Computer Security Applications Conference. Piscataway:IEEE, 2007:431-441.
[55] CHENG B, MING J, FU J, et al. Towards paving the way for large-scale windows malware analysis:generic binary unpacking with orders-of-magnitude performance boost[C]//Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM, 2018:395-411.
[56] CHIPOUNOV V, CANDEA G. Dynamically translating x86 to LLVM using QEMU[EB/OL].[2019-08-31]. https://pdfs.semanticscholar.org/57f7/f94d5ec8f465b8f8753aaf63fbb488d96f9d.pdf.
[57] CHIPOUNOV V, KUZNETSOV V, CANDEA G. S2E:a platform for in vivo multi-path analysis of software systems[C]//Proceedings of the 16th Architectural Support for Programming Languages and Operating Systems. New York:ACM, 2011:265-278.
[58] SONG D, BRUMLEY D, YIN H, et al. BitBlaze:a new approach to computer security via binary analysis[C]//Proceedings of the 2008 International Conference on Information Systems Security, LNCS 5352. Berlin:Springer, 2008:1-25.
[59] LUK C K, COHN R, MUTH R, et al. Pin:building customized program analysis tools with dynamic instrumentation[J]. ACM SIGPLAN Notices, 2005, 40(6):190-200.
[60] BARON I. Dynamic optimization of interpreters using DynamoRIO[D]. Cambridge, MA:Massachusetts Institute of Technology, 2003:1-112.
[61] CHA S K, AVGERINOS T, REBERT A, et al. Unleashing mayhem on binary code[C]//Proceedings of the 2012 IEEE Symposium on Security and Privacy. Piscataway:IEEE, 2012:380-394.
[62] RAVIPATI G, BERNAT A R, ROSENBLUM N, et al. Toward the deconstruction of Dyninst[EB/OL].[2019-08-31]. https://pdfs.semanticscholar.org/0288/1fe0a909001740ab48b8cfa5161f49fb49ea.pdf.
[63] NETHERCOTE N, SEWARD J. Valgrind:a framework for heavyweight dynamic binary instrumentation[J]. ACM SIGPLAN Notices, 2007, 42(6):89-100.
[64] CHARIF-RUBIAL A S, BARTHOU D, VALENSI C, et al. MIL:a language to build program analysis tools through static binary instrumentation[C]//Proceedings of the 2013 Annual International Conference on High Performance Computing. Piscataway:IEEE, 2013:206-215.
[65] LAURENZANO M A, TIKIR M M, CARRINGTON L, et al. Pebil:efficient static binary instrumentation for Linux[C]//Proceedings of the 2010 IEEE International Symposium on Performance Analysis of Systems and Software. Piscataway:IEEE, 2010:175-183.
[66] THALHEIM J, BHATOTIA P, FETZER C. INSPECTOR:data provenance using Intel processor trace[C]//Proceedings of the IEEE 36th International Conference on Distributed Computing Systems. Piscataway:IEEE, 2016:25-34.
[67] MOSER A, KRUEGEL C, KIRDA E. Exploring multiple execution paths for malware analysis[C]//Proceedings of the 2007 IEEE Symposium on Security and Privacy. Piscataway:IEEE, 2007:231-245.
[68] DINABURG A, ROYAL P, SHARIF M, et al. Ether:malware analysis via hardware virtualization extensions[C]//Proceedings of the 15th ACM Conference on Computer and Communications Security. New York:ACM, 2008:51-62.
[69] YUSOF A R, UDZIR N I, SELAMAT A. Systematic literature review and taxonomy for DDoS attack detection and prediction[J]. International Journal of Digital Enterprise Technology, 2019, 1(3):292-315.
[70] BURNIM J, SEN K. Heuristics for scalable dynamic test generation[C]//Proceedings of the 23rd IEEE/ACM International Conference on Automated Software Engineering. Piscataway:IEEE, 2008:443-446.
[71] GANESH V, DILL D L. A decision procedure for bit-vectors and arrays[C]//Proceedings of the 2007 International Conference on Computer Aided Verification, LNCS 4590. Berlin:Springer, 2007:519-531.
[72] LATTNER C, ADVE V. LLVM:a compilation framework for lifelong program analysis & transformation[C]//Proceedings of the 2004 International Symposium on Code Generation and Optimization. Piscataway:IEEE, 2004:75-86.
[73] WANG X, SUN J, CHEN Z, et al. Towards optimal concolic testing[C]//Proceedings of the 40th International Conference on Software Engineering. New York:ACM, 2018:291-302.
[74] GODEFROID P, LEVIN M Y, MOLNAR D. SAGE:whitebox fuzzing for security testing[J]. Communications of the ACM, 2012, 55(3):40-44.
[75] CHIPOUNOV V, GEORGESCU V, ZAMFIR C, et al. Selective symbolic execution[C]//Proceedings of the 5th Workshop on Hot Topics in System Dependability. Broomfield, CO:HotDep, 2009:1-6.
[76] CHIPOUNOV V, KUZNETSOV V, CANDEA G. The S2E platform:design, implementation, and applications[J]. ACM Transactions on Computer Systems, 2012, 30(1):No.2.
[77] SHOSHITAISHVILI Y, WANG R, SALLS C, et al. SOK:(state of) the art of war:offensive techniques in binary analysis[C]//Proceedings of the 2016 IEEE Symposium on Security and Privacy. Piscataway:IEEE, 2016:138-157.
[78] TRABISH D, MATTAVELLI A, RINETZKY N, et al. Chopped symbolic execution[C]//Proceedings of the 40th International Conference on Software Engineering. New York:ACM, 2018:350-360.
[79] YU H, CHEN Z, WANG J, et al. Symbolic verification of regular properties[C]//Proceedings of the 2018 IEEE/ACM 40th International Conference on Software Engineering. Piscataway:IEEE, 2018:871-881.
[80] YI Q, YANG Z, GUO S, et al. Eliminating path redundancy via postconditioned symbolic execution[J]. IEEE Transactions on Software Engineering, 2018, 44(1):25-43.
[81] WANG H, LIU T, GUAN X, et al. Dependence guided symbolic execution[J]. IEEE Transactions on Software Engineering, 2017, 43(3), 252-271.
[82] AQUINO A, BIANCHI F A, CHEN M, et al. Reusing constraint proofs in program analysis[C]//Proceedings of the 2015 International Symposium on Software Testing and Analysis. New York:ACM, 2015:305-315.
[83] JIA X, GHEZZI C, YING S. Enhancing reuse of constraint solutions to improve symbolic execution[C]//Proceedings of the 2015 International IEEE Symposium on Software Testing and Analysis. New York:ACM, 2015:177-187.
[84] AMIRI-CHIMEH S, HAGHIGHI H. An approach to solving non-linear real constraints for Symbolic Execution[J]. Journal of Systems and Software, 2019, 157:No.110383.
[85] SUN Y, WU M, RUAN W, et al. Concolic testing for deep neural networks[C]//Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering. New York:ACM, 2018:109-119.
[86] CHA S, HONG S, LEE J, et al. Automatically generating search heuristics for concolic testing[C]//Proceedings of the IEEE/ACM 40th International Conference on Software Engineering. Piscataway:IEEE, 2018:1244-1254.
[87] CHRISTAKIS M, MVLLER P, WVSTHOLZ V. Guiding dynamic symbolic execution toward unverified program executions[C]//Proceedings of the 38th International Conference on Software Engineering. New York:ACM, 2016:144-155.
[88] STEPHENS N, GROSEN J, SALLS C, et al. Driller:augmenting fuzzing through selective symbolic execution[C]//Proceedings of the 23rd Network and Distributed System Security Symposium. San Diego:Internet Society, 2016:1-16.
[89] YADEGARI B, JOHANNESMEYER B, WHITELY B, et al. A generic approach to automatic deobfuscation of executable code[C]//Proceedings of the 2015 IEEE Symposium on Security and Privacy. Piscataway:IEEE, 2015:674-691.
[90] BRUMLEY D, JAGER I, AVGERINOS T, et al. BAP:a binary analysis platform[C]//Proceedings of the 2011 International Conference on Computer Aided Verification, LNCS 6806. Berlin:Springer, 2011:463-469.
[91] AVGERINOS T, CHA S K, REBERT A, et al. Automatic exploit generation[J]. Communications of the ACM, 2014, 57(2):74-84.
[92] KIRAT D, VIGNA G. MalGene:automatic extraction of malware analysis evasion signature[C]//Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. New York:ACM, 2015:769-780.
[93] UGARTE-PEDRERO X, BALZAROTTI D, SANTOS I, et al. SoK:deep packer inspection:a longitudinal study of the complexity of run-time packers[C]//Proceedings of the 2015 IEEE Symposium on Security and Privacy. Piscataway:IEEE, 2015:659-673.
[94] YADEGARI B, DEBRAY S. Symbolic execution of obfuscated code[C]//Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. New York:ACM, 2015:732-744.
[95] BARDINS, DAVID R, MARION J Y. Backward-bounded DSE:targeting infeasibility questions on obfuscated codes[C]//Proceedings of the 2017 IEEE Symposium on Security and Privacy. Piscataway:IEEE, 2017:633-651.
[96] XU D, MING J, FU Y, et al. VMHunt:a verifiable approach to partially-virtualized binary code simplification[C]//Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM, 2018:442-458.
[97] 任玉柱,张有为,艾成炜. 污点分析技术研究综述[J]. 计算机应用, 2019, 39(8):2302-2309. (REN Y Z, ZHANG Y W, AI C W. Survey on taint analysis technology[J]. Journal of Computer Applications, 2019, 39(8):2302-2309.)
[98] YADEGARI B, DEBRAY S. Bit-level taint analysis[C]//Proceedings of the IEEE 14th International Working Conference on Source Code Analysis and Manipulation. Piscataway:IEEE, 2014:255-264.
[99] YADEGARI B, STEPHENS J, DEBRAY S. Analysis of exception-based control transfers[C]//Proceedings of the 7th ACM Conference on Data and Application Security and Privacy. New York:ACM, 2017:205-216.
[100] 屈雪晴,张圣昌. 基于逆向计算的细粒度污点分析方法[J]. 河北大学学报(自然科学版), 2019, 39(4):437-443. (QU X Q, ZHANG S C. Finer-grained taint analysis method based on reverse computing[J]. Journal of Hebei University (Natural Science Edition), 2019, 39(4):437-443.)
[101] MOSER A, KRUEGEL C, KIRDA E. Limits of static analysis for malware detection[C]//Proceedings of the 23rd Annual Computer Security Applications Conference. Piscataway:IEEE, 2007:421-430.
[102] JUNOD P, RINALDINI J, WEHRLI J, et al. Obfuscator-LLVM:software protection for the masses[C]//Proceedings of the IEEE/ACM 1st International Workshop on Software Protection. Piscataway:IEEE, 2015:3-9.
[103] LINN C, DEBRAY S. Obfuscation of executable code to improve resistance to static disassembly[C]//Proceedings of the 10th ACM conference on Computer and Communications Security. New York:ACM, 2003:290-299.
[104] ROYAL P, HALPIN M, DAGON D, et al. PolyUnpack:automating the hidden-code extraction of unpack-executing malware[C]//Proceedings of the 22nd Conference on Annual Computer Security Applications Conference. Piscataway:IEEE, 2006:289-300.
[105] COLLBERG C, NAGRA J. Surreptitious Software:Obfuscation, Watermarking, and Tamperproofing for Software Protection[M]. Upper Saddle River, NJ:Pearson Education, 2009:154-179.
[106] 刘磊,张晶,赵健,等. 程序分析方法[M]. 北京:机械工业出版社, 2013:132-146. (LIU L, ZHANG J, ZHAO J, et al. Program Analysis Method[M]. Beijing:China Machine Press, 2013:132-146.)
[107] ANDRIESSE D, CHEN X, VAN DER VEEN V, et al. An in-depth analysis of disassembly on full-scale x86/x64 binaries[C]//Proceedings of the 25th USENIX Security Symposium. Berkeley, CA:USENIX Association, 2016:583-600.
[108] 贾春福,王志,刘昕,等. 路径模糊:一种有效抵抗符号执行的二进制混淆技术[J]. 计算机研究与发展, 2011, 48(11):2111-2119. (JIA C F, WANG Z, LIU X, et al. Branch obfuscation:an efficient binary code obfuscation to impede symbolic execution[J]. Journal of Computer Research and Development, 2011, 48(11):2111-2119.)
[109] SHARIF M, LANZI A, GIFFIN J, et al. Impeding malware analysis using conditional code obfuscation[C]//Proceedings of the 2008 Network and Distributed System Security Symposium. San Diego, CA:NDSS, 2008:1-13.
[110] 孙贺,吴礼发,洪征,等. 一种结合动态与静态分析的函数调用图提取方法[J]. 计算机工程, 2017, 43(3):154-162. (SUN H, WU L F, HONG Z, et al. A function call graph extraction method combining static and dynamic analysis[J]. Computer Engineering, 2017, 43(3):154-162.)
[111] BAUMAN E, LIN Z, HAMLEN K W, et al. Superset disassembly:statically rewriting x86 binaries without heuristics[C]//Proceedings of the 2018 Conference on Network and Distributed Systems Security Symposium. Berlin:Springer, 2018:40-47.
[112] 付文,赵荣彩,庞建民,等. 隐式API调用行为的静态检测方法[J]. 计算机工程, 2010, 36(14):108-110. (FU W, ZHAO R C, PANG J M, et al. Static detection method for obfuscated API-calling behavior[J]. Computer Engineering, 2010, 36(14):108-110.)
[113] KOTOV V, WOJNOWICZ M. Towards generic deobfuscation of windows API calls[C]//Proceedings of the 2018 Network and Distributed System Security Symposium. San Diego, CA:Internet Society, 2018:1-11.
[114] 肖顺陶,周安民,刘亮,等. 基于符号执行的底层虚拟机混淆器反混淆框架[J]. 计算机应用, 2018, 38(6):1745-1750. (XIAO S T, ZHOU A M, LIU L, et al. Obfuscator low level virtual machine deobfuscation framework based on symbolic execution[J]. Journal of Computer Applications, 2018, 38(6):1745-1750.)
[115] PENG F, DENG Z, ZHANG X, et al. X-force:force-executing binary programs for security applications[C]//Proceedings of the 23rd USENIX Security Symposium. Berkeley, CA:USENIX Association, 2014:829-844.
[116] LEHMAN M M, RAMIL J F. Rules and tools for software evolution planning and management[J]. Annals of Software Engineering, 2001, 11(1):15-44.
[117] JANG J, WOO M, BRUMLEY D. Towards automatic software lineage inference[C]//Proceedings of the 22nd USENIX Security Symposium. Berkeley, CA:USENIX Association, 2013:81-96.
[118] 潘幡,洪征,杜有翔,等. 基于递归聚类的报文结构提取方法[J]. 四川大学学报(工程科学版), 2012, 44(6):137-142. (PAN F, HONG Z, DU Y X, et al. Recursive clustering based method for message structure extraction[J]. Journal of Sichuan University (Engineering Science Edition), 2012, 44(6):137-142.)

Survey on application of binary reverse analysis in detecting software supply chain pollution

程序逆向分析在软件供应链污染检测中的应用研究综述

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 2

Recommended Articles

Metrics

[1]	XU Jinchao ZENG Guosun. Dynamic software watermarking algorithm based on stack-state relations [J]. Journal of Computer Applications, 2013, 33(04): 1065-1069.
[2]	ZHANG Xuan LIAO Hongzhi LI Tong XU Jing ZHANG Qianru QIAN Ye. Software security measurement based on information entropy and attack surface [J]. Journal of Computer Applications, 2013, 33(01): 19-22.