Integer Overflow Vulnerabilities Detection in Software Binary Code

Cited by: 1
Authors
Demidov, Roman [1 ]
Pechenkin, Alexander [1 ]
Zegzhda, Peter [1 ]
Affiliations
[1] Peter Great St Petersburg Polytech Univ, 29 Politekh Skaya Ul, St Petersburg, Russia
Keywords
Vulnerability finding; symbolic execution; symbolic memory; vulnerability classification; control flow graph; integer overflow;
DOI
10.1145/3136825.3136872
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812 ;
Abstract
In this paper, we propose a new approach to detecting integer overflow vulnerabilities in executable x86-architecture code. The approach is based on symbolic execution of the code and a dual representation of memory. We build a truncated control flow graph based on the machine code. Layers in that graph are checked for the feasibility of vulnerability conditions. The proposed methods were implemented and experimentally tested on executable code.
Pages: 101 - 106
Number of pages: 6
Related papers
  • [1] Buffer Overflow Detection on Binary Code
    郑燕飞
    李晖
    陈克非
    [J]. Journal of Shanghai Jiaotong University(Science), 2006, (02) : 224 - 229
  • [2] Dynamic and static analyses of integer overflow vulnerabilities
    [J]. Wen, Jiangtao, 1600, Tsinghua University (54):
  • [3] Detecting Integer Overflow Vulnerabilities in Binary Executables Based on Target Filtering and Dynamic Taint Tracing
    CUI Baojiang
    LIANG Xiaobing
    ZHAO Bing
    ZHAI Feng
    WANG Jianxin
    [J]. Chinese Journal of Electronics, 2014, 23 (02) : 348 - 352
  • [4] Detecting Integer Overflow Vulnerabilities in Binary Executables Based on Target Filtering and Dynamic Taint Tracing
    Cui Baojiang
    Liang Xiaobing
    Zhao Bing
    Zhai Feng
    Wang Jianxin
    [J]. CHINESE JOURNAL OF ELECTRONICS, 2014, 23 (02) : 348 - 352
  • [6] Mutation-based Testing of Integer Overflow Vulnerabilities
    Zeng, Fanping
    Mao, Liangliang
    Chen, Zhide
    Cao, Qing
    [J]. 2009 5TH INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, NETWORKING AND MOBILE COMPUTING, VOLS 1-8, 2009, : 4416 - 4419
  • [7] Memory Corruption Vulnerabilities Detection for Android Binary Software
    Zhang, Bin
    Wu, Bo
    Feng, Chao
    Tang, Chaojing
    [J]. 2015 IEEE INTERNATIONAL CONFERENCE ON SIGNAL PROCESSING, COMMUNICATIONS AND COMPUTING (ICSPCC), 2015, : 16 - 20
  • [8] A methodology for the automated identification of buffer overflow vulnerabilities in executable software without source-code
    Duraes, J
    Madeira, H
    [J]. DEPENDABLE COMPUTING, PROCEEDINGS, 2005, 3747 : 20 - 34
  • [9] Deep Learning for Software Vulnerabilities Detection Using Code Metrics
    Zagane, Mohammed
    Abdi, Mustapha Kamel
    Alenezi, Mamdouh
    [J]. IEEE ACCESS, 2020, 8 : 74562 - 74570
  • [10] Integer squarers with overflow detection
    Gok, Mustafa
    [J]. COMPUTERS & ELECTRICAL ENGINEERING, 2008, 34 (05) : 378 - 391