高健壮性二进制应用程序裁剪  

作　　者：丁铎 孙聪 郑涛 DING Duo;SUN Cong;ZHENG Tao(School of Cyber Engineering,Xidian University,Xi’an 710071,China;The 54th Research Institute of China Electronics Technology Group Corporation Electronic Equipment,Shijiazhuang 050050,China;AVIC XI’AN Aeronautics Computing Technique Research Institute,Xi’an 710068,China)

机构地区：[1]西安电子科技大学网络与信息安全学院,西安710071 [2]中国电子科技集团公司第五十四研究所,石家庄050050 [3]中国航空工业集团公司西安航空计算技术研究所,西安710068

出　　处：《计算机科学》2024年第10期208-217,共10页Computer Science

基　　金：国家自然科学基金(62272366);陕西省重点研发计划(2023-YBGY-371)。

摘　　要：应用程序的常用功能仅占其所有功能的小部分。冗余功能代码造成应用程序攻击面扩大,从而增大代码重用攻击风险。二进制程序裁剪能够在分析应用程序二进制的基础上,识别并删除程序冗余代码,减小程序攻击面。现有二进制裁剪方法依赖人工构造的输入产生初始控制流,并依赖启发式方法扩展控制流图,导致方法健壮性和可扩展性受限。文中提出并实现了一种高健壮性二进制应用程序裁剪方法(RBdeb),使用黑盒模糊测试技术获取具有更高健壮性的合法执行轨迹集合,基于图同构算法自动分类相似库函数,提出的路径发现算法从初始执行轨迹构成的二进制控制流子图出发,扩展二进制控制流路径和同类库函数调用,生成高健壮性的裁剪结果二进制文件。实验结果表明,相比现有方案,RBdeb具有更高的路径覆盖率和裁剪后二进制健壮性,路径发现算法和库分类方法具有更强的可扩展性,所提方法能够裁剪大规模实际应用程序。The frequently used functionalities usually constitute a small portion of applications’functionalities.The redundant code for rarely used functionalities raises the attack surface of the applications,thus causing the potential risk of code reuse attacks.Binary program debloating can identify and remove the redundant code based on the binary analysis of the application,so as to reduce the attack surface.The state-of-the-art binary program debloating approach relies on artificially crafted inputs to derive the initial control flows.It uses heuristics to extend the binary control-flow graph for debloating.Such an approach has limited robustness and scalability.This paper proposes and implements a robust binary program debloating approach(RBdeb).It uses black-box fuzzing to derive highly-robust valid execution traces of the binary,and categorizes similar library functions automatically based on the graph isomorphism algorithm.The proposed path discovery algorithm extends the binary control flows with the classified library function calls from the control-flow sub-graph of the initial execution traces and generates the robust binary file as the debloating result.Experimental results demonstrate that RBdeb has higher path coverage and debloated binary robustness than the state-of-the-art approaches.The path discovery algorithm and library function categorization are more scalable.RBdeb can effectively debloat large real-world applications.

关 键 词：程序裁剪 二进制分析 模糊测试 二进制重写 程序分析 

分 类 号：TP314[自动化与计算机技术—计算机软件与理论]