
ELAID: detecting Integer-Overflow-to-Buffer-Overflow vulnerabilities by light-weight and accurate static analysis

Abstract: The Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability has been widely exploited by attackers to cause severe damage to computer systems. Automatically identifying this kind of vulnerability is critical for software security. Although much work has been done to mitigate integer overflow, existing tools either report a large number of false positives or introduce unacceptable time consumption. To address this problem, in this article we present a static analysis framework. It first constructs an inter-procedural call graph and utilizes taint analysis to accurately identify potential IO2BO vulnerabilities. Then it uses a light-weight method to further filter out false positives. Specifically, it generates constraints representing the conditions under which a potential IO2BO vulnerability can be triggered, and feeds the constraints to an SMT solver to decide their satisfiability. We have implemented a prototype system, ELAID, based on LLVM, and evaluated it on 228 programs of NIST’s SAMATE Juliet test suite and 14 known IO2BO vulnerabilities in the real world. The experimental results show that our system can effectively and efficiently detect all known IO2BO vulnerabilities.
Source: Cybersecurity (网络空间安全科学与技术, in English), 2018, Issue 1, pp. 860-878, 19 pages in total.
Funding: Supported in part by the National Natural Science Foundation of China (Grant No. 61802394, U1836209), the Foundation of Science and Technology on Information Assurance Laboratory (No. KJ-17-110), the National Key Research and Development Program of China (2016QY071405), and the Strategic Priority Research Program of the CAS (XDC02040100, XDC02030200, XDC02020200).