Efficient Dynamic Tracking Technique for Detecting Integer-Overflow-to-Buffer-Overflow Vulnerability

Author:

Sun Hao1,Zhang Xiangyu2,Su Chao1,Zeng Qingkai1

Affiliation:

1. Nanjing University, Nanjing, China

2. Purdue University, West Lafayette, IN, USA

Funder

National Natural Science Foundation of China

National Key Technology R&D Program of China

National High Technology Research and Development Program of China

Publisher

ACM

Reference41 articles.

1. CWE-680: Io2bo vulnerabilities. http://cwe.mitre.org/data/definitions/680.html. CWE-680: Io2bo vulnerabilities. http://cwe.mitre.org/data/definitions/680.html.

2. GCC the GNU Compiler Collection. https://gcc.gnu.org/. GCC the GNU Compiler Collection. https://gcc.gnu.org/.

3. Overflow-inducing input for CVE-2005-0199. https://bugs.gentoo.org/show_bug.cgi?id=79705. Overflow-inducing input for CVE-2005-0199. https://bugs.gentoo.org/show_bug.cgi?id=79705.

4. Overflow-inducing input for CVE-2005-1141. http://www.overflow.pl/adv/gocr.txt. Overflow-inducing input for CVE-2005-1141. http://www.overflow.pl/adv/gocr.txt.

5. Overflow-inducing input for CVE-2006-4812. http://www.exploit-db.com/exploits/28760/. Overflow-inducing input for CVE-2006-4812. http://www.exploit-db.com/exploits/28760/.

Cited by 11 articles. 订阅此论文施引文献 订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献

1. IntTracer: Sanitization-aware IO2BO Vulnerability Detection across Codebases;Proceedings of the 2024 IEEE/ACM 46th International Conference on Software Engineering: Companion Proceedings;2024-04-14

2. Vulnerability detection in Java source code using a quantum convolutional neural network with self-attentive pooling, deep sequence, and graph-based hybrid feature extraction;Scientific Reports;2024-03-28

3. WASMDYPA: Effectively Detecting WebAssembly Bugs via Dynamic Program Analysis;2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER);2024-03-12

4. Runtime Recovery for Integer Overflows;2022 6th International Conference on System Reliability and Safety (ICSRS);2022-11-23

5. Integer Overflow Detection with Delayed Runtime Test;The 16th International Conference on Availability, Reliability and Security;2021-08-17

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3