Precise Detection of Security Checks in Program Binaries

Koyel Pramanick; Prasad Kulkarni

doi:10.5220/0013366000003899

Precise Detection of Security Checks in Program Binaries

Koyel Pramanick, Prasad Kulkarni

2025

Abstract

Security checks are added to protect vulnerable code constructs, including certain indirect jumps and memory references, from external attacks. Detecting the presence of security checks that guard vulnerable code constructs provides an important means to evaluate the security properties of given binary software. Previous research has attempted to find such security checks guarding potential vulnerable codes in software binaries. Unfortunately, these techniques do not attempt to separate the original program code from the security check code, leading to many false positives. The security check patterns detected by such techniques are also inaccurate as they may be interspersed with program instructions. In this work, we develop a novel program slicing based technique to partition the original program code from any non-program instructions, including the added security checks. We define program code as instructions in the binary software that are needed to compute the original and expected program outputs. Our technique can more accurately identify the embedded security checks in program binaries with fewer false positives. Our technique can also find more precise security check code patterns in the given binary. Overall, our work can enable tools and humans to more effectively perform independent security evaluations of binary software.

Download

Paper Citation

in Harvard Style

Pramanick K. and Kulkarni P. (2025). Precise Detection of Security Checks in Program Binaries. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 397-408. DOI: 10.5220/0013366000003899

in Bibtex Style

@conference{icissp25,
author={Koyel Pramanick and Prasad Kulkarni},
title={Precise Detection of Security Checks in Program Binaries},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP},
year={2025},
pages={397-408},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013366000003899},
isbn={978-989-758-735-1},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP
TI - Precise Detection of Security Checks in Program Binaries
SN - 978-989-758-735-1
AU - Pramanick K.
AU - Kulkarni P.
PY - 2025
SP - 397
EP - 408
DO - 10.5220/0013366000003899
PB - SciTePress