一种基于随机游走的固件代码补丁修复判定方法  

作　　者：沈毅 于璐 赵军[1,2] 张童童 SHEN Yi;YU Lu;ZHAO Jun;ZHANG Tongtong(College of Electronic Engineering,National University of Defense Technology,Hefei 230007,China;Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation,Hefei 230007,China;Unit 31455 of PLA,Shenyang 110000,China)

机构地区：[1]国防科技大学电子对抗学院,安徽合肥230037 [2]网络空间安全态势感知与评估安徽省重点实验室,安徽合肥230037 [3]31455部队,辽宁沈阳110000

出　　处：《信息对抗技术》2024年第4期50-62,共13页Information Countermeasures Technology

基　　金：国家自然科学基金资助项目(62202484)。

摘　　要：确定目标程序中的漏洞是否被修复,是软件安全性检测的途径之一,能够提高程序安全性。提出了一种基于随机游走的固件补丁存在性判定方法,利用程序分析技术对二进制固件函数进行代码特征提取和分析,判断固件中的函数是否进行了补丁修复,实现对固件漏洞代码的检测。该方法分别对固件中的目标函数和对应的漏洞函数、固件中的目标函数和补丁函数构建表征代码相似性程度的伴随图,并使用随机游走的方法筛选伴随图中的重要节点。基于重要节点信息,可以判断目标函数与漏洞函数、补丁函数的相似程度,实现对目标函数补丁修复情况的自动化判断。实验证明,提出的方法可以实现对固件补丁修复情况的高效判断,为提高二进制固件安全性提供支持。Determining whether vulnerabilities in the target program have been fixed is one of the approaches to software security detection,which can enhance the safety of the program.A method for determining the existence of firmware patches based on random walks was proposed.This method utilizes program analysis techniques to extract and analyze code features from binary firmware functions,judging whether functions in the firmware have undergone patch repairs,and achieving the detection of firmware vulnerability codes.The method constructs accompanying graphs representing the degree of code similarity between the target function in the firmware and its corresponding vulnerability function,as well as between the target function and the patch function.Important nodes in the accompanying graph are then selected using a random walk approach.Based on the information from these important nodes,it is possible to determine the similarity between the target function and both the vulnerability function and the patch function,enabling automated judgment on the patch repair status of the target function. Experimental results show that the proposed method can effi-ciently judge the patch repair status of firmware, providing support for enhancing the security of binary firmware.

关 键 词：漏洞分析 随机游走 补丁修复 固件漏洞 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]