<p>The correct application of cryptography is crucial for protecting confidentiality, integrity, and sensitive information in modern software systems. However, cryptographic APIs are frequently misused in practice because they are difficult to apply correctly and their security implications are often highly context dependent. Existing misuse detection research mainly targets source code, while binary-level detection remains underexplored despite its ability to access concrete runtime states and validate misuse conditions more directly. Binary analysis for cryptographic misuse faces three major challenges: severe path explosion, difficult parameter provenance recovery, and limited credibility of purely static results. To address these challenges, we present CryptoBinaryRz, a binary-level cryptographic misuse detection framework that combines locality-based region construction, context-aware dynamic provenance, path reuse-aware state management, and constraint-based misuse verification. Our method constrains analysis to sink-centered local regions, recovers parameter influence through symbolic mutation, restores nearby cryptographic calling environments through role abstraction, and reuses semantically equivalent paths during layered provenance expansion. In this way, the framework improves both scalability and semantic precision without relying on full control-flow graph construction. We also reformulate cryptographic misuse rules under a dynamic analysis setting so that runtime contexts and local calling environments can be jointly considered during verification. Experiments on 175 samples with isolated cryptographic behaviors and 11 real-world GitHub projects show that CryptoBinaryRz achieves over 95% detection accuracy and identifies 204 misuse instances, while substantially reducing the analysis cost associated with large binaries. These results suggest that binary-level analysis can provide richer and more trustworthy evidence for cryptographic misuse detection than source-level inspection alone.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

CryptoBinaryRz: a binary detection framework based on regional centralization dynamic analysis of cryptographic misuse

  • Xi Luo,
  • Zecheng Zhang,
  • Lihua Yin,
  • Shijie Jia,
  • Runda Huang,
  • Haiyang Zhang

摘要

The correct application of cryptography is crucial for protecting confidentiality, integrity, and sensitive information in modern software systems. However, cryptographic APIs are frequently misused in practice because they are difficult to apply correctly and their security implications are often highly context dependent. Existing misuse detection research mainly targets source code, while binary-level detection remains underexplored despite its ability to access concrete runtime states and validate misuse conditions more directly. Binary analysis for cryptographic misuse faces three major challenges: severe path explosion, difficult parameter provenance recovery, and limited credibility of purely static results. To address these challenges, we present CryptoBinaryRz, a binary-level cryptographic misuse detection framework that combines locality-based region construction, context-aware dynamic provenance, path reuse-aware state management, and constraint-based misuse verification. Our method constrains analysis to sink-centered local regions, recovers parameter influence through symbolic mutation, restores nearby cryptographic calling environments through role abstraction, and reuses semantically equivalent paths during layered provenance expansion. In this way, the framework improves both scalability and semantic precision without relying on full control-flow graph construction. We also reformulate cryptographic misuse rules under a dynamic analysis setting so that runtime contexts and local calling environments can be jointly considered during verification. Experiments on 175 samples with isolated cryptographic behaviors and 11 real-world GitHub projects show that CryptoBinaryRz achieves over 95% detection accuracy and identifies 204 misuse instances, while substantially reducing the analysis cost associated with large binaries. These results suggest that binary-level analysis can provide richer and more trustworthy evidence for cryptographic misuse detection than source-level inspection alone.