JOURNALS // Informatics and Automation // Archive

Tr. SPIIRAN, 2015 Issue 42, Pages 212–231 (Mi trspy835)

A Model, Algorithms and Software Tool for Vulnerabilities Detection in Machine Code

M. O. Shudrak, V. V. Zolotarev

Siberian State Aerospace University (SibSAU)

Abstract: This article considers the problem of detecting vulnerabilities in machine code. We highlight the shortcomings of current solutions in their ability to detect vulnerabilities with regard to threats to the confidential information processed by vulnerable software. To solve this problem, we propose an original model of vulnerability detection in a program trace, together with its algorithmic support and software implementation. The model provides formal criteria for distinguishing a bug from a vulnerability, taking into account the distribution of protected information in the memory of the software under test. We use tainted data analysis to identify such memory regions. In addition, we conduct an experimental evaluation of the developed system's efficiency, which demonstrates that our solution detects 5 more types of Windows software vulnerabilities and 4 more types of Linux software vulnerabilities than existing analogs.

Keywords: vulnerability; machine code; dynamic analysis; bug; criteria.

UDC: 004.056

DOI: 10.15622/sp.42.11


