Detecting Integer Overflow Vulnerabilities in Binary Executables Based on Target Filtering and Dynamic Taint Tracing

CUI Baojiang; LIANG Xiaobing; ZHAO Bing; ZHAI Feng; WANG Jianxin

Article Contents

Article Navigation > Chinese Journal of Electronics > 2014 > 23(2): 348-352

CUI Baojiang, LIANG Xiaobing, ZHAO Bing, et al., “Detecting Integer Overflow Vulnerabilities in Binary Executables Based on Target Filtering and Dynamic Taint Tracing,” Chinese Journal of Electronics, vol. 23, no. 2, pp. 348-352, 2014,

Citation:

CUI Baojiang, LIANG Xiaobing, ZHAO Bing, et al., “Detecting Integer Overflow Vulnerabilities in Binary Executables Based on Target Filtering and Dynamic Taint Tracing,” Chinese Journal of Electronics, vol. 23, no. 2, pp. 348-352, 2014,

Citation:

PDF( 419 KB)

Detecting Integer Overflow Vulnerabilities in Binary Executables Based on Target Filtering and Dynamic Taint Tracing

1.
School of Computer, Beijing University of Posts and Telecommunications, Beijing 100876, China;
2.
China Electric Power Research Institute, Beijing 100192, China;
3.
School of Information Science and Technology, Beijing Forestry University Beijing 100083, China

Funds: This work is supported by the National Basic Research Program of China (973 Program) (No.2012CB724400), International S&T Cooperation Special Projects of China (No.2013DFG72850) and the National Natural Science Foundation of China (No.61170268, No.61100047, No.61272493).

Received Date: 2012-11-01
Rev Recd Date: 2013-07-01
Publish Date: 2014-04-05

Abstract

Abstract

The number of identified integer overflow vulnerabilities has been increasing rapidly in recent years. In this paper, a smart software vulnerability detection technology is presented, which is used for the identification of integer overflow vulnerabilities in binary executables. The proposed algorithm is combined with Target filtering and dynamic taint tracing (TFDTT). Dynamic taint tracing is used to reduce the mutation space and target filtering function is used to filter test cases during the process of test case generation. Theory analysis indicates that the efficiency of TFDTT is higher than NonTF-DTT and random Fuzzing technology. And the experiment results indicate that the detection technology based upon TFDTT can identify the possible integer vulnerabilities in binary program, meanwhile, it is more efficiency than other two technologies.
- Integer overflow vulnerability,
- Target filtering,
- Dynamic taint tracing

FullText(HTML)

References(19)

References

Security updates available for Adobe Reader and Acrobat, Vulnerability identifier: APSB10-02, http://www.adobe.com/ support/security/bulletins/apsb10-02.html, 2012-02.

Debian Security Advisory, DSA-1912-1 camlimages — integer overflow, http://www.debian.org/security/2009/dsa-1912, 2012-04.

Basic Integer Overflows, http://www.phrack.org/issues.html? issue=60 and id=10, 2012-04.

Patrice Godefroid, Michael Y. Levin and David Molnar, "Automated whiteboxfuzz testing", Proc. of the 15th Annual Network and Distributed System Security Symposium, San Diego, USA, pp.151-166, 2008.

CristianCadar, Vijay Ganesh, et al, "EXE: Automatically generating inputs of death", ACM Transactions on Information and System Security, Vol.12, No.2, 2008.

Tielei Wang, Tao Wei, et al, "TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection", Proc. of the 31st IEEE Symposium on Security and Privacy, Oakland, USA, pp.497-512, 2010.

David Molnar, Xue Cong Li and David A. Wagner, "Dynamic test generation to find integer bugs in x86 binary linux programs", Proc. of the 18th conference on USENIX security symposium, Montreal, Canada, pp.67-82, 2009.

TieleiWang, TaoWei, et al, "IntScope: Automatically detecting integer overflow vulnerability in x86 binary using symbolic execution", Proc. of the 16th Annual Network and Distributed System Security Symposium, San Diego, USA, pp.336-345, 2009.

Edward J. Schwartz, Thanassis Avgerinos and David Brumley, "All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask)", Proc. of the 31st IEEE Symposium on Security and Privacy, Oakland, USA, pp.317-331, 2010.

Yichen Xie, Andy Chou, et al, "AREHER: Using symbolic, path-sensitive analysis to detect memory access errors", Proc. of the 9th European software engineering conference, Helsinki, Finland, pp.327-336, 2003.

David Larochelle and David Evans, "Statically detecting likely buffer overflow vulnerabilities", Proc. of the 10th USENIX Security Symposium, Washington, DC, USA, pp.14-14, 2001.

Flawfinder, http://www.dwheeler.com/flawfinder/, 2012-04.

RATS, http://www.fortifysoftware.com/security-resources/rats. jsp, 2012-03.

Aggarwal A, Jalote P,"Integrating static and dynamic analysis for detecting vulnerabilities", Proc. of the 30th International Computer Software and Applications Conference, Chicago, USA, pp.343-350, 2006.

IDA Pro Home page, http://www.datarescue.com/, 2011-10.

Ioannis Doudalis, James Clause, et al, "Effective and efficient memory protection using dynamic tainting", IEEE Transaction on Computers, Vol.61, No.1, pp.87-100, 2012.

Ulf Kargen, Nahid Shahmehri, "InputTracer: A data-flow analysis tool for manual program comprehension of x86 binaries", Proc. of the 12th International Working Conference on Source Code Analysis and Manipulation, Washington, D.C., USA, pp.138-143, 2009.

Cui Baojiang, Ji Yupeng, Wang Jianxin, "An instruction-level symbolic checksum system for windows x86 program", Chinese Journal of Electronics, Vol.21, No.1, pp.22-26,2012.

Pin—A dynamic binary instrumentation tool, http:// www.pintool.org/, 2012-05.

Relative Articles

Supplements(0)

Cited By

Proportional views