Dynamic Detection of Use-After-Free Bugs

Cited by: 1
Authors
Asryan, S. A. [2]
Gaissaryan, S. S. [1, 3, 5, 6]
Kurmangaleev, Sh F. [1]
Aghabalyan, A. M. [4]
Hovsepyan, N. G. [4]
Sargsyan, S. S. [4]
Affiliations
[1] Russian Acad Sci, Ivannikov Inst Syst Programming, Moscow 109004, Russia
[2] Armenia Natl Acad Sci, Inst Problems Informat & Automat, Yerevan 0014, Armenia
[3] Moscow MV Lomonosov State Univ, Fac Computat Math & Cybernet, Moscow 119991, Russia
[4] Erevan State Univ, Yerevan 0025, Armenia
[5] Moscow Inst Phys & Technol, Dolgoprudnyi, Moscow Oblast, Russia
[6] State Univ Higher Sch Econ, Moscow 101000, Russia
Funding
Russian Foundation for Basic Research;
Keywords
Data handling - Program debugging;
DOI
10.1134/S0361768819070028
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
A novel method for detecting use-after-free bugs based on dynamic program analysis is described. In memory-unsafe programming languages, such as C or C++, this class of bugs mainly occurs when the program tries to access an area of dynamically allocated memory that has already been freed. For each program execution path, the method checks the correctness of the allocation, deallocation, and access operations. Since dynamic analysis is used, bugs can be found only in the parts of the code that were actually executed. Symbolic program execution with the help of SMT (Satisfiability Modulo Theories) solvers is used. This allows us to generate data the processing of which produces new execution paths.
Pages: 365 - 371
Number of pages: 7
Related papers
50 in total
  • [1] Dynamic Detection of Use-After-Free Bugs
    S. A. Asryan
    S. S. Gaissaryan
    Sh. F. Kurmangaleev
    A. M. Aghabalyan
    N. G. Hovsepyan
    S. S. Sargsyan
    [J]. Programming and Computer Software, 2019, 45 : 365 - 371
  • [2] Detecting use-after-free bugs in embedded C programs
    Wang, Yaxin
    Li, Xiaoqing
    Wu, Gaofei
    Tang, Shijian
    Zhu, Yajie
    Dong, Ting
    [J]. Xi'an Dianzi Keji Daxue Xuebao/Journal of Xidian University, 2021, 48 (01): : 124 - 132
  • [3] FREEWILL: Automatically Diagnosing Use-after-free Bugs via Reference Miscounting Detection on Binaries
    He, Liang
    Hu, Hong
    Su, Purui
    Cai, Yan
    Liang, Zhenkai
    [J]. PROCEEDINGS OF THE 31ST USENIX SECURITY SYMPOSIUM, 2022, : 2497 - 2512
  • [4] DangSan: Scalable Use-after-free Detection
    van der Kouwe, Erik
    Nigade, Vinod
    Giuffrida, Cristiano
    [J]. PROCEEDINGS OF THE TWELFTH EUROPEAN CONFERENCE ON COMPUTER SYSTEMS (EUROSYS 2017), 2017, : 405 - 419
  • [5] UFO: Predictive Concurrency Use-After-Free Detection
    Huang, Jeff
    [J]. PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE), 2018, : 609 - 619
  • [6] Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers
    Bai, Jia-Ju
    Lawall, Julia
    Chen, Qiu-Liang
    Hu, Shi-Min
    [J]. PROCEEDINGS OF THE 2019 USENIX ANNUAL TECHNICAL CONFERENCE, 2019, : 255 - 268
  • [7] RTT: Reuse Time Tracking for Use-After-Free Detection
    Du, Yubo
    Guo, Yanan
    Zhang, Youtao
    Yang, Jun
    [J]. PROCEEDINGS OF THE 38TH ACM INTERNATIONAL CONFERENCE ON SUPERCOMPUTING, ACM ICS 2024, 2024, : 376 - 387
  • [8] A Survey of Detection Methods for Software Use-After-Free Vulnerability
    Lu, Faming
    Tang, Mengfan
    Bao, Yunxia
    Wang, Xiaoyu
    [J]. DATA SCIENCE (ICPCSEE 2022), PT II, 2022, 1629 : 272 - 297
  • [9] Scalable Static Detection of Use-After-Free Vulnerabilities in Binary Code
    Zhu, Kailong
    Lu, Yuliang
    Huang, Hui
    [J]. IEEE ACCESS, 2020, 8 : 78713 - 78725
  • [10] POSTER: UAFChecker: Scalable Static Detection of Use-After-Free Vulnerabilities
    Ye, Jiayi
    Zhang, Chao
    Han, Xinhui
    [J]. CCS'14: PROCEEDINGS OF THE 21ST ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2014, : 1529 - 1531