A Comprehensive Detection of Memory Corruption Vulnerabilities for C/C plus plus Programs

被引：7

作者：

Gao, Yuhan ^{[1
,2
]}

Chen, Liwei ^{[1
]}

Shi, Gang ^{[1
]}

Zhang, Fei ^{[1
,2
]}

机构：

[1] Chinese Acad Sci, Inst Informat Engn, Beijing, Peoples R China

[2] Univ Chinese Acad Sci, Sch Cyber Secur, Beijing, Peoples R China

来源：

2018 IEEE INT CONF ON PARALLEL & DISTRIBUTED PROCESSING WITH APPLICATIONS, UBIQUITOUS COMPUTING & COMMUNICATIONS, BIG DATA & CLOUD COMPUTING, SOCIAL COMPUTING & NETWORKING, SUSTAINABLE COMPUTING & COMMUNICATIONS | 2018年

基金：

中国国家自然科学基金;

关键词：

memory corruption; vulnerability detection; static analysis; unsafe operations;

D O I：

10.1109/BDCloud.2018.00062

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

Memory corruption bugs in software written in low-level languages like C or C++ are one of the oldest problems in computer security. These unsafe languages are vulnerable to errors relating to the misuse of memory, such as buffer overflows, use-after-free. The exploit of these vulnerabilities allows attackers to tamper or even take full control over the program. In this paper, we propose a lightweight and comprehensive vulnerability detection approach for memory corruption defects in programs written in C or C++. The approach is based on identification of the unsafe operations in source code, including both invalid memory writes and reads. Supporting by flow-sensitive point-to analysis with LLVM and Datalog, and extracted information from abstract syntax tree, our method can analyze the potential memory corruption vulnerabilities in the source code. We evaluate our approach against the SPEC 2006 benchmark suite and Juliet test suite. We also show that the approach achieves high compatibility and reasonable overheads for detection.

引用

页码：354 / 360

页数：7

共 50 条

[1] Enhanced Memory Corruption Detection in C/C plus plus Programs
Lin, Ching-Yi
Yang, Wuu
[J]. PROCEEDINGS OF THE 52ND INTERNATIONAL CONFERENCE ON PARALLEL PROCESSING WORKSHOPS PROCEEDINGS, ICPP-W 2023, 2023, : 71 - 78
[2] A Dynamic Detection Method to C/C plus plus Programs Memory Vulnerabilities Based on Pointer Analysis
Ma, Rui
Chen, Lingkui
Hu, Changzhen
Xue, Jingfeng
Zhao, Xiaolin
[J]. 2013 IEEE 11TH INTERNATIONAL CONFERENCE ON DEPENDABLE, AUTONOMIC AND SECURE COMPUTING (DASC), 2013, : 52 - 57
[3] On Monitoring C/C plus plus Transactional Memory Programs
Fiedor, Jan
Letko, Zdenek
Lourenco, Joao
Vojnar, Tomas
[J]. MATHEMATICAL AND ENGINEERING METHODS IN COMPUTER SCIENCE, MEMICS 2014, 2014, 8934 : 73 - 87
[4] Efficient detection of dangling pointer error for C/C plus plus programs
Zhang, Wenzhe
[J]. 2ND ANNUAL INTERNATIONAL CONFERENCE ON INFORMATION SYSTEM AND ARTIFICIAL INTELLIGENCE (ISAI2017), 2017, 887
[5] A Context-Sensitive Memory Model for Verification of C/C plus plus Programs
Gurfinkel, Arie
Navas, Jorge A.
[J]. STATIC ANALYSIS (SAS 2017), 2017, 10422 : 148 - 168
[6] Local Nontermination Detection for Parallel C plus plus Programs
Still, Vladimir
Barnat, Jiri
[J]. SOFTWARE ENGINEERING AND FORMAL METHODS (SEFM 2019), 2019, 11724 : 373 - 390
[7] Static Analysis Approach for Defect Detection in Multithreaded C/C plus plus Programs
Moiseev, Mikhail
[J]. SOFTWARE ENGINEERING FOR RESILIENT SYSTEMS, SERENE 2013, 2013, 8166 : 169 - 183
[8] SAFEDISPATCH: Securing C plus plus Virtual Calls from Memory Corruption Attacks
Jang, Dongseok
Tatlock, Zachary
Lerner, Sorin
[J]. 21ST ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2014), 2014,
[9] Detection of Memory Leaks in C/C plus plus Code via Machine Learning
Andrzejak, Artur
Eichler, Felix
Ghanavati, Mohammadreza
[J]. 2017 IEEE 28TH INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING WORKSHOPS (ISSREW 2017), 2017, : 252 - 258
[10] Characterizing Buffer Overflow Vulnerabilities in Large C/C plus plus Projects
Pereira, Jose D'Abruzzo
Ivaki, Naghmeh
Vieira, Marco
[J]. IEEE ACCESS, 2021, 9 : 142879 - 142892

← 1 2 3 4 5 →