2 articles found
ELAID: detecting integer-Overflow-to-Buffer-Overflow vulnerabilities by light-weight and accurate static analysis (cited by: 1)
1
Authors: Lili Xu, Mingjie Xu, Feng Li, Wei Huo. Cybersecurity, CSCD, 2020, Issue 1, pp. 248-266 (19 pages)
The Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability has been widely exploited by attackers to cause severe damage to computer systems. Automatically identifying this kind of vulnerability is critical for software security. Although much work has been done to mitigate integer overflow, existing tools either report a large number of false positives or introduce unacceptable time consumption. To address this problem, in this article we present a static analysis framework. It first constructs an inter-procedural call graph and utilizes taint analysis to accurately identify potential IO2BO vulnerabilities. Then it uses a light-weight method to further filter out false positives. Specifically, it generates constraints representing the conditions under which a potential IO2BO vulnerability can be triggered, and feeds the constraints to an SMT solver to decide their satisfiability. We have implemented a prototype system, ELAID, based on LLVM, and evaluated it on 228 programs of NIST's SAMATE Juliet test suite and 14 known IO2BO vulnerabilities in the real world. The experiment results show that our system can effectively and efficiently detect all known IO2BO vulnerabilities.
Keywords: Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability; Inter-procedural dataflow analysis; Taint analysis; Path satisfiability
ELAID: detecting integer-Overflow-to-Buffer-Overflow vulnerabilities by light-weight and accurate static analysis
2
Authors: Lili Xu, Mingjie Xu, Feng Li, Wei Huo. Cybersecurity, 2018, Issue 1, pp. 860-878 (19 pages)
The Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability has been widely exploited by attackers to cause severe damage to computer systems. Automatically identifying this kind of vulnerability is critical for software security. Although much work has been done to mitigate integer overflow, existing tools either report a large number of false positives or introduce unacceptable time consumption. To address this problem, in this article we present a static analysis framework. It first constructs an inter-procedural call graph and utilizes taint analysis to accurately identify potential IO2BO vulnerabilities. Then it uses a light-weight method to further filter out false positives. Specifically, it generates constraints representing the conditions under which a potential IO2BO vulnerability can be triggered, and feeds the constraints to an SMT solver to decide their satisfiability. We have implemented a prototype system, ELAID, based on LLVM, and evaluated it on 228 programs of NIST's SAMATE Juliet test suite and 14 known IO2BO vulnerabilities in the real world. The experiment results show that our system can effectively and efficiently detect all known IO2BO vulnerabilities.
Keywords: Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability; Inter-procedural dataflow analysis; Taint analysis; Path satisfiability