ELAID: detecting integer-Overflow-to-Buffer-Overflow vulnerabilities by light-weight and accurate static analysis-Reference-Cited by-同舟云学术

ELAID: detecting integer-Overflow-to-Buffer-Overflow vulnerabilities by light-weight and accurate static analysis

Published:2020-09-08 Issue:1 Volume:3 Page:
ISSN:2523-3246
Container-title:Cybersecurity
language:en
Short-container-title:Cybersecur

Author:

Xu Lili,Xu Mingjie,Li Feng,Huo Wei

Abstract

AbstractThe Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability has been widely exploited by attackers to cause severe damages to computer systems. Automatically identifying this kind of vulnerability is critical for software security. Despite many works have been done to mitigate integer overflow, existing tools either report large number of false positives or introduce unacceptable time consumption. To address this problem, in this article we present a static analysis framework. It first constructs an inter-procedural call graph and utilizes taint analysis to accurately identify potential IO2BO vulnerabilities. Then it uses a light-weight method to further filter out false positives. Specifically, it generates constraints representing the conditions under which a potential IO2BO vulnerability can be triggered, and feeds the constraints to SMT solver to decide their satisfiability. We have implemented a prototype system ELAID based on LLVM, and evaluated it on 228 programs of the NIST’s SAMATE Juliet test suite and 14 known IO2BO vulnerabilities in real world. The experiment results show that our system can effectively and efficiently detect all known IO2BO vulnerabilities.

Publisher

Springer Science and Business Media LLC

Subject

Artificial Intelligence,Computer Networks and Communications,Information Systems,Software

Link

https://link.springer.com/content/pdf/10.1186/s42400-020-00058-2.pdf

Reference28 articles.

1. Brumley, D, Song DX, Chiueh T, Johnson R, Lin H (2007) RICH: automatically protecting against integer-based vulnerabilities In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2007, 28th February - 2nd March 2007.. The Internet Society, San Diego.

2. Brummayer, R (2009) Efficient smt solving for bit-vectors and the extensional theory of arrays. PhD thesis. Johannes Kepler University, Linz.

3. Chen, K, Feng D, Su P (2012) Dynamic overflow vulnerability detection method based on finite csp(in chinese) In: Chinese Journal of Computers, vol 35, 898–909.. Science Press, Beijing.

4. Chen, P, Han H, Wang Y, Shen X, Yin X, Mao B, Xie L (2009) Intfinder: Automatically detecting integer bugs in x86 binary program In: Information and Communications Security, 11th International Conference, ICICS 2009, December 14-17, 2009. Proceedings. LNCS, vol 5927, 336–345.. Springer, Beijing.

5. Chen, S, Xu J, Sezer EC (2005) Non-control-data attacks are realistic threats. In: McDaniel PD (ed)Proceedings of the 14th USENIX Security Symposium, Baltimore, MD, USA, July 31 - August 5, 2005.. USENIX Association, Baltimore.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. DFlow : A Data Flow Analysis Tool for C/C++;IEEJ Transactions on Electrical and Electronic Engineering;2021-08-03