CUI Baojiang, LIANG Xiaobing, ZHAO Bing, ZHAI Feng, WANG Jianxin. Detecting Integer Overflow Vulnerabilities in Binary Executables Based on Target Filtering and Dynamic Taint Tracing[J]. Chinese Journal of Electronics, 2014, 23(2): 348-352.

Detecting Integer Overflow Vulnerabilities in Binary Executables Based on Target Filtering and Dynamic Taint Tracing

Funds: This work is supported by the National Basic Research Program of China (973 Program) (No.2012CB724400), International S&T Cooperation Special Projects of China (No.2013DFG72850) and the National Natural Science Foundation of China (No.61170268, No.61100047, No.61272493).
  • Received Date: 2012-11-01
  • Rev Recd Date: 2013-07-01
  • Publish Date: 2014-04-05
Abstract: The number of identified integer overflow vulnerabilities has increased rapidly in recent years. In this paper, a smart software vulnerability detection technique is presented for identifying integer overflow vulnerabilities in binary executables. The proposed algorithm combines target filtering with dynamic taint tracing (TFDTT): dynamic taint tracing is used to reduce the mutation space, and a target filtering function is used to filter test cases during test case generation. Theoretical analysis indicates that the efficiency of TFDTT is higher than that of NonTF-DTT and random fuzzing. The experimental results indicate that the detection technique based on TFDTT can identify possible integer overflow vulnerabilities in binary programs and is more efficient than the other two techniques.
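The abstract gives TFDTT only in outline: taint tracing narrows the mutation space, and a target filter discards test cases before they are executed. The Python below is an added illustration written for this page, not the paper's TFDTT implementation: it simulates a tiny program whose allocation size is computed from two header fields, propagates byte-level taint through 32-bit arithmetic, reports which input offsets reach the size computation, drops candidate test cases that do not change any of those offsets, and flags the multiply that wraps. The program layout, the `Val` type, the function names and the sample inputs are all assumptions made for the example.

```python
# Toy taint-guided integer-overflow detector (added illustration; the simulated
# program, its layout and all names below are assumptions, not TFDTT itself).
from dataclasses import dataclass

WIDTH = 32
MASK = (1 << WIDTH) - 1


@dataclass(frozen=True)
class Val:
    """A 32-bit unsigned value plus the set of input byte offsets that influenced it."""
    v: int
    taint: frozenset = frozenset()


def load_u32(buf: bytes, off: int) -> Val:
    """Little-endian 32-bit load; the result is tainted by the four bytes it reads."""
    v = int.from_bytes(buf[off:off + 4], "little")
    return Val(v, frozenset(range(off, off + 4)))


def mul32(a: Val, b: Val):
    """32-bit multiply. Returns (wrapped result, overflowed?); taint is the union."""
    full = a.v * b.v
    return Val(full & MASK, a.taint | b.taint), full > MASK


def add32(a: Val, b: Val):
    """32-bit add with the same wrap/overflow/taint rules as mul32."""
    full = a.v + b.v
    return Val(full & MASK, a.taint | b.taint), full > MASK


def run_program(buf: bytes) -> dict:
    """Simulated target: count and element size from the header feed an allocation
    size. The multiply and add producing that size are the 'target' operations; the
    payload after the header never reaches them, so its bytes stay untainted there."""
    count = load_u32(buf, 0)
    elem_size = load_u32(buf, 4)
    total, ovf_mul = mul32(count, elem_size)
    size, ovf_add = add32(total, Val(8))      # fixed 8-byte header, untainted constant
    return {
        "alloc_size": size.v,
        "overflow": ovf_mul or ovf_add,
        "tainted_offsets": size.taint,        # input bytes that reach the target ops
    }


def mutation_targets(seed: bytes) -> list:
    """Dynamic taint tracing pass: which input offsets reach the target operations."""
    return sorted(run_program(seed)["tainted_offsets"])


def target_filter(seed: bytes, candidate: bytes, targets: list) -> bool:
    """Keep a test case only if it differs from the seed at a tainted offset."""
    if len(candidate) != len(seed):
        return True  # a length change shifts the layout; let those through
    return any(seed[i] != candidate[i] for i in targets)


def fuzz(seed: bytes, candidates: list) -> dict:
    """Filter the candidates, run the survivors, report which trigger an overflow."""
    targets = mutation_targets(seed)
    kept, overflows = [], []
    for idx, cand in enumerate(candidates):
        if not target_filter(seed, cand, targets):
            continue
        kept.append(idx)
        if run_program(cand)["overflow"]:
            overflows.append(idx)
    return {"targets": targets, "kept": kept, "overflows": overflows}


def make_input(count: int, elem_size: int, payload_len: int = 56) -> bytes:
    """Constructed sample input: two little-endian header fields plus zero payload."""
    return count.to_bytes(4, "little") + elem_size.to_bytes(4, "little") + bytes(payload_len)


SEED = make_input(1, 16)
CANDIDATES = [                             # constructed test cases
    SEED[:40] + b"\xff" + SEED[41:],       # touches only untainted payload: filtered out
    make_input(2, 16),                     # tainted bytes changed, but harmless
    make_input(0xFFFFFFFF, 16),            # count * elem_size wraps: overflow flagged
]

if __name__ == "__main__":
    print(fuzz(SEED, CANDIDATES))
```

Running the block shows the taint pass selecting only offsets 0 to 7 of a 64-byte input as mutation targets, the filter discarding the candidate that changes payload byte 40, and the wrapped multiply being reported for the third candidate. A real implementation would obtain the taint sets from a binary instrumentation framework rather than from a hand-written interpreter, but the division of labour is the same: taint decides where to mutate, and the filter decides which generated cases are worth executing.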