ELAID: detecting integer-Overflow-to-Buffer-Overflow vulnerabilities by light-weight and accurate static analysis

The Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability has been widely exploited by attackers to cause severe damages to computer systems. Automatically identifying this kind of vulnerability is critical for software security. Despite many works have been done to mitigate integer overflow, ex...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Cybersecurity (Singapore) Ročník 3; číslo 1; s. 1 - 19
Hlavní autoři: Xu, Lili, Xu, Mingjie, Li, Feng, Huo, Wei
Médium: Journal Article
Jazyk:angličtina
Vydáno: Singapore Springer Singapore 08.09.2020
Springer Nature B.V
SpringerOpen
Témata:
Buffers
Computer Science
Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability
Integers
Inter-procedural dataflow analysis
Overflow
Path satisfiability
Software reliability
Software testing
Taint analysis
Weight reduction
Inter-procedural dataflow analysis
Taint analysis
Path satisfiability
Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability
ISSN:2523-3246, 2523-3246
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:The Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability has been widely exploited by attackers to cause severe damages to computer systems. Automatically identifying this kind of vulnerability is critical for software security. Despite many works have been done to mitigate integer overflow, existing tools either report large number of false positives or introduce unacceptable time consumption. To address this problem, in this article we present a static analysis framework. It first constructs an inter-procedural call graph and utilizes taint analysis to accurately identify potential IO2BO vulnerabilities. Then it uses a light-weight method to further filter out false positives. Specifically, it generates constraints representing the conditions under which a potential IO2BO vulnerability can be triggered, and feeds the constraints to SMT solver to decide their satisfiability. We have implemented a prototype system ELAID based on LLVM, and evaluated it on 228 programs of the NIST’s SAMATE Juliet test suite and 14 known IO2BO vulnerabilities in real world. The experiment results show that our system can effectively and efficiently detect all known IO2BO vulnerabilities.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:2523-3246
2523-3246
DOI:10.1186/s42400-020-00058-2