A Pattern-Based Detection Tool for Security Vulnerabilities in Binary Executables

Sponsored by: ?

Over the past few years, software systems have increasingly been positioned as mission-critical elements of government and industry. Concurrently, and largely because of this trend, security awareness among software vendors and consumers has heightened. This is especially true in government agencies and the military, where the usual security threats are compounded by the possibility of attacks on critical infrastructure and communications by hostile entities. The result is a pressing need for secure software systems, and for processes and techniques for achieving and assessing security in software.

Concomitant with the increase in mission-critical software use, there has also been a marked increase in the use of COTS (Commercial Off The Shelf) software. This trend has been fueled by short application development timelines, scarce resources, the efficiency of component reuse, and the availability of reusable software. While the use of COTS software is a boon from an efficiency and effectiveness perspective, it presents a problem for consumers who are concerned about the security of that software. The security of an entire system can be compromised by the introduction of a single insecure software component. Using COTS components and third-party software libraries can save a tremendous amount of time and effort, but it must be undertaken with great care: these components may contain security vulnerabilities ranging from a race condition to a sloppily coded user-input routine harboring a potential buffer overflow.

Several tools and techniques (RATS, ITS4, etc.) are available today that automate the detection of software security vulnerabilities in applications. However, most of them apply only where the source code of the software is available: these source-code-based tools use the semantic information embedded in source code to aid detection of security issues. Unfortunately, such tools are not applicable to COTS software since, as a general rule, a consumer does not have access to its source code. The few binary code scanners that are available either require expert intervention or are based on simple signature matching. Such techniques are limited by their specificity and are thus not ideal for security vulnerability detection tools.

The goal of this effort is to research and develop a prototype that detects security vulnerabilities in binary executables. The approach is to analyze disassembled code from a binary executable to detect security vulnerabilities. It also leverages existing resources and research by combining open-source tools, commercial tools and proprietary Cigital technologies, and by integrating components from source-code-based analysis tools, to create a functional, usable binary code scanner.
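To make the distinction between simple signature matching and pattern matching with context concrete, here is an added example written for this page (it is not Cigital's prototype, nor RATS or ITS4). It scans objdump-style AT&T x86-64 disassembly text for calls to risky libc routines, then re-checks each hit to see whether the destination argument was loaded from the current stack frame. The listing it scans is a constructed sample, not output from any real binary, and the register-tracking rules are a deliberately small model.

```python
"""Toy pattern-based scanner for x86-64 disassembly text (objdump -d, AT&T syntax).
Pass 1 (signature): flag every call to a known-risky libc routine.
Pass 2 (context): check whether the destination argument (%rdi) was loaded
from the current stack frame, the shape behind a classic stack overflow.
Example code added for illustration; not Cigital's tool, RATS or ITS4."""
import re
from dataclasses import dataclass

# Routines that source-level scanners such as RATS and ITS4 commonly flag.
RISKY_CALLS = {"strcpy", "strcat", "gets", "sprintf"}

FUNC_RE = re.compile(r"^[0-9a-f]+\s+<(?P<name>[^>]+)>:$")
INSN_RE = re.compile(r"^\s*(?P<addr>[0-9a-f]+):\s+(?:[0-9a-f]{2}\s)+\s*(?P<text>.*)$")
CALL_RE = re.compile(r"call\s+[0-9a-f]+\s+<(?P<name>[^>@]+)(?:@plt)?>")
LEA_STACK_RE = re.compile(r"lea\s+-0x[0-9a-f]+\(%rbp\),%(?P<reg>\w+)")
MOV_REG_RE = re.compile(r"mov\s+%(?P<src>\w+),%(?P<dst>\w+)")
REG_WRITE_RE = re.compile(r"^(?:mov|lea)\s+\S+,%(?P<dst>\w+)")  # any other reg write

# Constructed sample listing: a local-buffer copy and a global-buffer copy.
SAMPLE_DISASM = """\
0000000000401136 <copy_name>:
  401136:  55                     push   %rbp
  401137:  48 89 e5               mov    %rsp,%rbp
  40113a:  48 83 ec 50            sub    $0x50,%rsp
  40113e:  48 89 7d b8            mov    %rdi,-0x48(%rbp)
  401142:  48 8b 55 b8            mov    -0x48(%rbp),%rdx
  401146:  48 8d 45 c0            lea    -0x40(%rbp),%rax
  40114a:  48 89 d6               mov    %rdx,%rsi
  40114d:  48 89 c7               mov    %rax,%rdi
  401150:  e8 db fe ff ff         call   401030 <strcpy@plt>
  401155:  c9                     leave
  401156:  c3                     ret

0000000000401157 <log_msg>:
  401157:  55                     push   %rbp
  401158:  48 89 e5               mov    %rsp,%rbp
  40115b:  48 89 fe               mov    %rdi,%rsi
  40115e:  48 8b 3d 9b 2e 00 00   mov    0x2e9b(%rip),%rdi        # 404000 <g_buf>
  401165:  e8 c6 fe ff ff         call   401030 <strcpy@plt>
  40116a:  5d                     pop    %rbp
  40116b:  c3                     ret
"""


@dataclass
class Finding:
    function: str
    address: str
    callee: str
    stack_dest: bool  # destination argument points into the stack frame

    @property
    def severity(self):
        return "high" if self.stack_dest else "medium"


def parse(disasm):
    """Yield (function, address, instruction text) for each instruction line."""
    current = None
    for line in disasm.splitlines():
        m = FUNC_RE.match(line.strip())
        if m:
            current = m.group("name")
            continue
        m = INSN_RE.match(line)
        if m and m.group("text").strip():
            yield current, m.group("addr"), m.group("text").strip()


def dest_points_to_stack(texts):
    """Forward-simulate the instructions before a call: which registers hold an
    address inside the frame ('lea -0x..(%rbp),%reg')? Register-to-register
    moves propagate the fact; any other mov/lea into a register clears it.
    Stores, arithmetic and clobbers by intervening calls are ignored here."""
    stack_regs = set()
    for text in texts:
        m = LEA_STACK_RE.search(text)
        if m:
            stack_regs.add(m.group("reg"))
            continue
        m = MOV_REG_RE.search(text)
        if m:
            if m.group("src") in stack_regs:
                stack_regs.add(m.group("dst"))
            else:
                stack_regs.discard(m.group("dst"))
            continue
        m = REG_WRITE_RE.search(text)
        if m:
            stack_regs.discard(m.group("dst"))
    return "rdi" in stack_regs


def scan(disasm):
    """Run both passes; return Findings in address order."""
    insns = list(parse(disasm))
    findings = []
    for i, (func, addr, text) in enumerate(insns):
        m = CALL_RE.search(text)
        if not m or m.group("name") not in RISKY_CALLS:
            continue
        start = i  # context window: everything since the enclosing function's entry
        while start > 0 and insns[start - 1][0] == func:
            start -= 1
        preceding = [t for _, _, t in insns[start:i]]
        findings.append(Finding(func, addr, m.group("name"), dest_points_to_stack(preceding)))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_DISASM):
        print(f"{f.severity:6} {f.function}+{f.address}: call {f.callee} (stack dest={f.stack_dest})")
```

The signature pass alone reports both `strcpy` calls identically; the context pass separates the stack-buffer case from the global-buffer case, which still deserves review but is a different finding. A usable scanner would have to follow data through memory, across basic blocks and past register clobbers by intervening calls, which this toy model does not attempt.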



Contact
Dr. Christoph Michael, Principal Investigator