Buffer Overflow Vulnerability Location in Binaries Based on Abnormal Execution

Buffer overflow is a very common and dangerous vulnerability. Now there are many methods and tools for this vulnerability, but it is difficult to locate it in binary code. Due to the lack of program semantics in binary programs, it is difficult to determine whether the memory access exceeds its boun...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:2020 4th Annual International Conference on Data Science and Business Analytics (ICDSBA) s. 29 - 31
Hlavní autoři: Gao, Tian, Guo, Xi
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: IEEE 01.09.2020
Témata:
Abnormal Execution
Binary codes
Binary Program
Buffer Overflow
Buffer overflows
Costs
Data science
Layout
Memory Recovery
Semantics
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Buffer overflow is a very common and dangerous vulnerability. Now there are many methods and tools for this vulnerability, but it is difficult to locate it in binary code. Due to the lack of program semantics in binary programs, it is difficult to determine whether the memory access exceeds its boundary, so we can restore its memory layout to locate the vulnerability. This paper proposes a method: for the same program, input a group of successful execution and abnormal execution data respectively, and then recover the memory of the two kinds of execution. If the memory of successful execution recovery is taken as the buffer boundary, it is easier to judge the buffer overflow in the abnormal execution. In this paper, 20 programs with buffer overflow vulnerability are tested. The experimental results show that the proposed method is more effective than some static program analysis tools in terms of time cost and vulnerability location accuracy.
DOI:10.1109/ICDSBA51020.2020.00015