ELAID: detecting integer-Overflow-to-Buffer-Overflow vulnerabilities by light-weight and accurate static analysis

The Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability has been widely exploited by attackers to cause severe damages to computer systems. Automatically identifying this kind of vulnerability is critical for software security. Despite many works have been done to mitigate integer overflow, ex...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Cybersecurity (Singapore) Jg. 3; H. 1; S. 1 - 19
Hauptverfasser: Xu, Lili, Xu, Mingjie, Li, Feng, Huo, Wei
Format: Journal Article
Sprache:Englisch
Veröffentlicht: Singapore Springer Singapore 08.09.2020
Springer Nature B.V
SpringerOpen
Schlagworte:
Buffers
Computer Science
Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability
Integers
Inter-procedural dataflow analysis
Overflow
Path satisfiability
Software reliability
Software testing
Taint analysis
Weight reduction
Inter-procedural dataflow analysis
Taint analysis
Path satisfiability
Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability
ISSN:2523-3246, 2523-3246
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability has been widely exploited by attackers to cause severe damages to computer systems. Automatically identifying this kind of vulnerability is critical for software security. Despite many works have been done to mitigate integer overflow, existing tools either report large number of false positives or introduce unacceptable time consumption. To address this problem, in this article we present a static analysis framework. It first constructs an inter-procedural call graph and utilizes taint analysis to accurately identify potential IO2BO vulnerabilities. Then it uses a light-weight method to further filter out false positives. Specifically, it generates constraints representing the conditions under which a potential IO2BO vulnerability can be triggered, and feeds the constraints to SMT solver to decide their satisfiability. We have implemented a prototype system ELAID based on LLVM, and evaluated it on 228 programs of the NIST’s SAMATE Juliet test suite and 14 known IO2BO vulnerabilities in real world. The experiment results show that our system can effectively and efficiently detect all known IO2BO vulnerabilities.
Bibliographie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:2523-3246
2523-3246
DOI:10.1186/s42400-020-00058-2