DYBS: A Lightweight Dynamic Slicing Framework for Diagnosing Attacks on x86 Binary Programs

Nowadays, applications are usually large-scale, this making tasks of comprehending and debugging software rather complicated. As a dynamic reduction technique for simplifying programs, dynamic program slicing is an effective and important approach for locating and diagnosing software attacks. However, most of the existing dynamic slicing tools perform slicing at the source code level, but the source code of most software is hard to acquire in practice. In order to cope with this issue, a novel lightweight dynamic slicing framework---DYBS, is proposed for diagnosing attacks on x86 binary programs. During the execution, DYBS first gathers the runtime profile information of the target program. Once the attack is encountered and set as the slicing criterion, the normal execution terminates, and a backward program slicing is started to locate the vulnerabilities. Furthermore, a Function Call Filtration optimization mechanism is proposed to improve the performance of the framework. It is proved in the experiments that DYBS can diagnose software attacks with much lower overhead than many other similar analyzing systems.