A Detecting Method of Array Bounds Defects Based on Symbolic Execution

被引:1
|
作者
Shan, Chun [1 ]
Sun, Shiyou [1 ]
Xue, Jingfeng [1 ]
Hu, Changzhen [1 ]
Zhu, Hongjin [1 ]
机构
[1] Beijing Inst Technol, Sch Software, Beijing Key Lab Software Secur Engn Technol, Beijing 100081, Peoples R China
来源
NETWORK AND SYSTEM SECURITY | 2017年 / 10394卷
基金
国家重点研发计划; 中国国家自然科学基金;
关键词
Software security; Array bounds; Symbolic execution;
D O I
10.1007/978-3-319-64701-2_27
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Array bounds is the most commonly fault in java programs design, it often leads to wrong results even system crash. To solve these problems, this paper proposed a detecting array bounds method based on symbolic execution. The method generated the abstract syntax tree from the source code, and then created a control flow graph according to the abstract syntax tree. It adopted flaw detectors to detect defects of array bound. Finally, using the standard function to test the ability of this method in detecting array bounds. The results indicated that this method can detect array bounds defects of crossing process indirectly, array bounds defects within process and array bounds defects of crossing process directly very well and it is better than some existing Java methods of detecting array bounds defects.
引用
收藏
页码:373 / 385
页数:13
相关论文
共 50 条
  • [1] Array representation in symbolic execution
    Coen-Porisini, Alberto, 1600, (18):
  • [2] ARRAY REPRESENTATION IN SYMBOLIC EXECUTION
    COENPORISINI, A
    DEPAOLI, F
    COMPUTER LANGUAGES, 1993, 18 (03): : 197 - 216
  • [3] A unit-based symbolic execution method for detecting memory corruption vulnerabilities in executable codes
    Baradaran, Sara
    Heidari, Mahdi
    Kamali, Ali
    Mouzarani, Maryam
    INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2023, 22 (05) : 1277 - 1290
  • [4] A unit-based symbolic execution method for detecting memory corruption vulnerabilities in executable codes
    Sara Baradaran
    Mahdi Heidari
    Ali Kamali
    Maryam Mouzarani
    International Journal of Information Security, 2023, 22 : 1277 - 1290
  • [5] A Unit-Based Symbolic Execution Method for Detecting Heap Overflow Vulnerability in Executable Codes
    Mouzarani, Maryam
    Kamali, Ali
    Baradaran, Sara
    Heidari, Mahdi
    TESTS AND PROOFS (TAP 2022), 2022, 13361 : 89 - 105
  • [6] Accelerating Array Constraints in Symbolic Execution
    Perry, David M.
    Mattavelli, Andrea
    Zhang, Xiangyu
    Cadar, Cristian
    PROCEEDINGS OF THE 26TH ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON SOFTWARE TESTING AND ANALYSIS (ISSTA'17), 2017, : 68 - 78
  • [7] Detecting Integer Overflow in Windows Binary Executables based on Symbolic Execution
    Zhang, Bin
    Feng, Chao
    Wu, Bo
    Tang, Chaojing
    2016 17TH IEEE/ACIS INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ARTIFICIAL INTELLIGENCE, NETWORKING AND PARALLEL/DISTRIBUTED COMPUTING (SNPD), 2016, : 385 - 390
  • [8] Optimal Refinement-based Array Constraint Solving for Symbolic Execution
    Liu, Meixi
    Shuai, Ziqi
    Liu, Luyao
    Ma, Kelin
    Ma, Ke
    2022 29TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE, APSEC, 2022, : 299 - 308
  • [9] Symbolic execution optimization method based on input constraint
    Wang S.
    Lin Y.
    Yang Q.
    Li M.
    Tongxin Xuebao/Journal on Communications, 2019, 40 (03): : 19 - 27
  • [10] An Automatic Exploit Generation Method Based on Symbolic Execution
    Fang Hao
    Fen-Wenbo
    Fu-Menglin
    2018 EIGHTH INTERNATIONAL CONFERENCE ON INSTRUMENTATION AND MEASUREMENT, COMPUTER, COMMUNICATION AND CONTROL (IMCCC 2018), 2018, : 437 - 440
12345