
Discovering security defects in binary only software by fingerprinting

IP.com Disclosure Number: IPCOM000237917D
Original Publication Date: 2014-Jul-21
Included in the Prior Art Database: 2014-Jul-21
Document File: 3 page(s) / 50K

Publishing Venue

Linux Defenders

Related People

Armijn Hemel: AUTHOR

Abstract

This document describes a method for proactively discovering if binary software is vulnerable by first detecting which files were used to build a binary and by then combining it with information about security bugs extracted from source code.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 3

Discovering security defects in binary only software by fingerprinting

Introduction

Security defects are regularly found in electronics such as routers or NAS storage devices. With the shift from general-purpose desktop computers and laptops to specialized devices (consumer electronics, SCADA, industrial automation) and the massive growth in the number of such devices, it is expected that they will receive closer attention from people who want to exploit bugs in them.

Once these devices are deployed it is hard to fix bugs in them: either it is hard to get users to install firmware updates (because the users don't want to, or because it is hard to get them to notice that an update exists), or it is impossible, impractical or dangerous to interrupt service to install an update (SCADA, industrial automation).

This document describes a method for proactively discovering if binary software is vulnerable by first detecting which files were used to build a binary and by then combining it with information about security bugs extracted from source code.

Tags

Linux, FreeBSD, *BSD, Unix, QNX, Solaris, Android, Java, software, software development, security, defect discovery, reverse engineering

Detailed description: using fingerprinting and combining it with security information

The method combines fingerprinting with security information obtained by static source code analysis. The first part of the method consists of analysing source code and identifying security flaws in it. Common flaws are documented in, for example, the CERT secure coding standards. Source code can be analysed in a number of ways: one is to use regular expressions to extract the interesting bits of code; another is to use a parser to build an abstract syntax tree (AST), walk the AST to search for possibly vulnerable code, and further process the results. After identification of possibly vulnerable code, the file name, file hash (MD5, SHA1, SHA256 or another hash), package, version and bugs found are stored in a database, togethe...
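As an added illustration (not code from the disclosure), the two halves of the method in Python: a regex scan over constructed C sources records path, SHA256 hash, package, version and flagged bugs in an in-memory SQLite table keyed by the file's string literals, and a string fingerprint taken from a constructed binary blob recovers which source files were built into it and reports their bugs. The package name, file contents and binary bytes are all made up for the example.

```python
import hashlib
import re
import sqlite3

# Constructed sample sources: (package, version) -> {path: contents}. Not real software.
SOURCES = {
    ("netcfg", "1.2"): {
        "src/parse.c": 'int parse(char *in){ char buf[64]; strcpy(buf, in); return 0; }\n'
                       'const char *tag = "netcfg-parse-v1";\n',
        "src/util.c": 'size_t len(const char *s){ return strlen(s); }\n'
                      'const char *tag2 = "netcfg-util-v1";\n',
    },
}
# Constructed stand-in for a firmware binary: an ELF-like header, one surviving literal, junk.
SAMPLE_BINARY = b"\x7fELF\x00\x00netcfg-parse-v1\x00\x01\x02unrelated\x00"

# Regex detectors for unbounded-copy APIs (the page's "regular expression" analysis route).
FLAW_PATTERNS = {
    "unbounded strcpy": re.compile(r"\bstrcpy\s*\("),
    "unbounded gets": re.compile(r"\bgets\s*\("),
}
STRING_LITERAL = re.compile(r'"([^"\\]{6,})"')  # literals long enough to act as fingerprints

def build_db(sources):
    """Scan each source file, hash it, flag bugs, store one row per string literal."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE files(path, sha256, package, version, bugs, literal)")
    for (pkg, ver), files in sources.items():
        for path, text in files.items():
            digest = hashlib.sha256(text.encode()).hexdigest()
            bugs = ";".join(name for name, pat in FLAW_PATTERNS.items() if pat.search(text))
            for lit in STRING_LITERAL.findall(text):
                db.execute("INSERT INTO files VALUES (?,?,?,?,?,?)",
                           (path, digest, pkg, ver, bugs, lit))
    return db

def fingerprint_binary(db, blob):
    """Match printable strings in the binary to recorded literals; return files and their bugs."""
    found = {m.decode() for m in re.findall(rb"[\x20-\x7e]{6,}", blob)}
    if not found:
        return []
    query = "SELECT DISTINCT path, package, version, bugs FROM files WHERE literal IN (%s)" \
            % ",".join("?" * len(found))
    return [{"path": p, "package": pkg, "version": v, "bugs": b.split(";") if b else []}
            for p, pkg, v, b in db.execute(query, list(found))]

if __name__ == "__main__":
    for hit in fingerprint_binary(build_db(SOURCES), SAMPLE_BINARY):
        print(hit)
```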