Ming YIN,Gongxuan ZHANG

DOI: https://doi.org/10.3969/j.issn.1671-7775.2016.04.013

2016-01-01

Abstract:According to the causes of buffer overflows,a novel detection method was proposed based on source code analysis.The sources were pre-processed and analyzed statically to construct relevant abstract syntax tree,control flow graph,function call graph and variable table in sequence.A finite automata based on the developed detection model was created to detect overflows.The C/C ++program with common buffer overflows was used to demonstrate the proposed method.The extensive experimental results show that compared to existing methods,the proposed detection model can detect all buffer overflow vulnerabilities efficiently.The dangerous function calls and the overflow filtering mechanism in the code can be recognized to reduce false positive rate.The proposed method can also be easily extended to detect the buffer overflows in the codes of other language source.

张实睿,许蕾,徐宝文

DOI: https://doi.org/10.3969/j.issn.1003-7985.2009.02.016

2009-01-01

Abstract:A simplified integer overflow detection method based on path relaxation is described for avoiding buffer overflow triggered by integer overflow. When the integer overflow refers to the size of the buffer allocated dynamically, this kind of integer overflow is most likely to trigger buffer overflow. Based on this discovery, through lightly static program analysis, the solution traces the key variables referring to the size of a buffer allocated dynamically and it maintains the upper bound and lower bound of these variables. After the constraint information of these traced variables is inserted into the original program, this method tests the program with test cases through path relaxation, which means that it not only reports the errors revealed by the current runtime value of traced variables contained in the test case, but it also examines the errors possibly occurring under the same execution path with all the possible values of the traced variables. The effectiveness of this method is demonstrated in a case study. Compared with the traditional buffer overflow detection methods, this method reduces the burden of detection and improves efficiency.

Lanlan Qi,Jiangtao Wen,Yu Chen,Qixue Xiao

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2014.09.020

2014-01-01

Abstract:Different software vulnerabilities have different characteristics.220 integer overflow vulnerabilities are analyzed to develop three kinds of detection strategies to reduce the false positives from static analyses.Static analyses identify the type of integer overflow while dynamic analyses accurately identify the integer overflow vulnerability.This method combines the advantages of the two analyses to detect vulnerabilities.The static analysis is used to detect the integer overflow and obtain the integer overflow type and related information.This information is then used by the dynamic analysis to insert hooks into the code using the automatic pile technique.Then,the algorithm calls the integer overflow marker interface and performs symbolic execution with the reconstruction expressions.This method is used to analyze the Lighttpd-1.4.29 and Linux kernel 3.4 systems.This method can greatly reduce the number of false positives.The number of false positives for Lighttpd-1.4.29 is reduced by 374,accounting for 67.3％ of the total.The number of false positives for Linux kernel 3.4 is reduced by 159 761,accounting for 98.2％ of the total.This system also successfully finds the CVE-2011-4362 and CVE-2013-1763 integer overflow vulnerabilities.

Cui Baojiang,Liang Xiaobing,Zhao Bing,Zhai Feng,Wang Jianxin

2014-01-01

Abstract:The number of identified integer overflow vulnerabilities has been increasing rapidly in recent years. In this paper, a smart software vulnerability detection technology is presented, which is used for the identification of integer overflow vulnerabilities in binary executables. The proposed algorithm is combined with Target filtering and dynamic taint tracing (TFDTT). Dynamic taint tracing is used to reduce the mutation space and target filtering function is used to filter test cases during the process of test case generation. Theory analysis indicates that the efficiency of TFDTT is higher than NonTF-DTT and random Fuzzing technology. And the experiment results indicate that the detection technology based upon TFDTT can identify the possible integer vulnerabilities in binary program, meanwhile, it is more efficiency than other two technologies.

Zhang Xing,Zhang Bin,Feng Chao,Zhang Quan

DOI: https://doi.org/10.1051/itmconf/20160703003

2016-01-01

ITM Web of Conferences

Abstract:Nowadays binary static analysis uses dangerous system library function to detect stack overflow vulnerary in program and there is no effective way to dig out the function which can cause stack overflow issue. List necessarily characteristics of the function which may cause stack overflow vulnerary and define stack overflow dangerous function(SODF). Then introduce static taint analysis to detect SODF include taint introduction, taint propagation and taint checking stragety. Next describe the particular process of detecting SODF in the program with static taint analysis. Finally choose 4 runtime library and 2 binary software, and detect whether the chosen software has SODF and locate the name of SODF with static taint analysis. Testing result shows that the algorithm can detect and locate plenty of SODF in test program which means the algorithm can work efficiently.

徐国爱,张淼,陈爱国,李忠献

DOI: https://doi.org/10.3969/j.issn.1007-5321.2008.06.022

2008-01-01

Abstract:Through analyzing the principium of integer overflow,an integer overflow detection method on software source code is proposed which is based on integer variable unification.We presented the integer variable unification method and defined three unified actions which were used in three given cases.Then the detection process was described,it simplified integer overflow flaw into mathematic inequalities,and removed the influence of context to the objective variable.Finally, instances were provided to demonstrate the effectiveness and practicability of the presented method.

Baojiang Cui,XiaoBing Liang,Jianxin Wang

2010-01-01

Abstract:The number of identified integer overflow vulnerabilities has been increasing rapidly in recently years. The path explosion problem caused by the complicated conditional branches in the software results in many difficulties in the detection of integer overflow vulnerabilities. A smart software vulnerability detection technology was developed to identify integer overflow vulnerabilities in binary executables. The algorithm uses symbolic execution technology to obtain path constraint conditions in the binary executables and uses a fitness function to guide the generation of inputs to the detection technology. Tests indicate that the smart detection technology based upon symbolic execution and an integer-valued genetic algorithm more quickly identifies integer overflow vulnerabilities in the object program than conventional Fuzzing detection methods.

孔德光,郑烇,帅建梅,陈超,葛瑶

2009-01-01

Abstract:Static analysis technology is a significant method to detect software vulnerabilities. To cope with the problem of untrusting data inputs leading to software vulnerabilities, presents a vulnerability detection method based on taint analysis. It tracks various kinds of input including program parameters and environment variables ,marks the type of input, after constructing the control flow graph, makes use of dataflow information, propagating the taint data to the vulnerability functions, to settle the problem of buffer overflow and format string. It utilizes the related information of control flow and dataflow during this process, thus improves the accuracy and decreases the false negatives. It is proved by experiment that this technology is an effective vulnerability analysis method.

Rui Ma,Yiming Yan,Long Wang,Changzhen Hu,Jingfeng Xue

2016-01-01

Abstract:Buffer overflow vulnerability is currently one of the most serious software security vulnerabilities. Taking effective methods to detect buffer overflow vulnerabilities is of great significance to improve the robustness and security of software. After analyzing the principle of buffer overflow and various buffer overflow vulnerabilities, as well as comparing static with dynamic detection techniques, this paper presents a static detection method for buffer overflow based on abstract syntax tree, especially for vulnerabilities caused by string accessing of C source code. The proposed method first generates an abstract syntax tree for the source code by using the GCC compiler, and collects the characteristics of vulnerability by analyzing AST nodes. For the nodes associated with the buffer overflow, the method further gives a formal description of that characteristic so as to generate security attributed and constraint rules. By traversing the abstract syntax tree, the proposed method finally determines whether buffer overflow vulnerability exists in the source code. Experiments with 12 C programs were carried out on the Windows platform, and each program has been discovered at least one typical buffer overflow vulnerability. The experimental results highlight the feasibility and effectiveness of the proposed method, especially in the detecting out of range for a pointer, an array, and a structure object, as well as the buffer overflow vulnerability caused by some C library function calls.

Ping CHEN,Hao HAN,Xiao-bing SHEN,Xin-chun YIN,Bing MAO,Li XIE

2010-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:In recent years, Integer bugs have been rising sharply and become a potential threat as it is often hidden behind other bugs. In this paper, we propose a tool which can automatically detect Integer bugs. We implement the tool based on static and dynamic program analysis. In the static phase, the tool decompiles a binary and creates the suspect instruction set. In the dynamic phase, it monitors the instructions in the suspect set and generates the test cases to further detect which instructions are real Integer bugs. Our tool has two advantages. First, it provides more accurate and sufficient type information. Second, static analysis reduces the instructions which are monitored at runtime. Experimental results shows that our tool can efficiently detect the Integer bugs in several real-world programs. In addition, our tool has no false negatives and low false positives.

Xi Lu

2010-01-01

Journal of Software

Abstract:This paper presents an automatic testing method,DAIDT(dynamic automatic integer-overflow detection and testing),for finding integer overflow fatal bugs in binary code.DAIDT can thoroughly test the binary code and automatically find unknown integer overflow bugs without necessarily knowing their symbol tables.It is formally proved in this paper that DAIDT can theoretically detect all the high-risk integer overflow bugs with no false positives and no false negatives.In additional,any bugs find by DAIDT can be replayed.To demonstrate the effectiveness of this theory,IntHunter has been implemented.It has found 4 new high risk integer overflow bugs in the latest releases of three high-trusted applications(two Microsoft WINS services in Windows 2000 and 2003 Server,Baidu Hi Instant Messager) by testing each for 24 hours.Three of these bugs allow arbitrary code execution and have received confirmed vulnerabilities numbers,CVE-2009-1923,CVE-2009-1924 from Microsoft Security Response Center and CVE-2008-6444 from Baidu.

Baojiang Cui,Xiaobing Liang,Jianxin Wang

DOI: https://doi.org/10.1007/978-3-642-25664-6_30

2011-01-01

Abstract:The automatic identification of security vulnerabilities in the binary code is still a young but important research area for the security researchers. In recent years, the number of identified integer overflow vulnerabilities has been increasing rapidly. In this paper, we present a smart software vulnerability detection technology, which is used for the identification of integer overflow vulnerabilities in the binary executables. The proposed algorithm is combined with debugger module, static analysis module and genetic algorithm module. We use the fitness function to guide the generation of the tested data and use static analysis to provide the information that the genetic module needs. Theory analyses and experiment results indicate that the detection technology based upon genetic algorithm can identify the exceptions in the object program and is more efficient than the common Fuzzing technology.

CHEN Shikun,LI Zhoujun,HUANG Yonggang,XING Jianying

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.z2.016

2009-01-01

Abstract:Buffer overflows are the main source of security issues in C programs.This paper presents a SAT-based technique to identify buffer overflows in C source codes using a source-to-source transformation which adds some statements into the source code to model the buffer properties, with some asserts to describe the buffer overflows.Then, the asserts are checked by SAT tools.This technique was used to automatically identify buffer overflows in source codes in 1 164 code fragments from a publicly available benchmark.Tests show that the system accurately located buffer overflow vulnerabilities in these programs with zero false alarms and an omission rate of only 2.08%.

Fanping Zeng,Liangliang Mao,Zhide Chen,Qing Cao

DOI: https://doi.org/10.1109/WICOM.2009.5302048

2009-01-01

Abstract:Integer overflow vulnerability is a kind of common software vulnerabilities, there has been no effective way to detect integer overflow vulnerabilities. Because of the lack of dynamic execution, static analysis can not determine the run-time distribution of memory, and may miss the detection of possible security issues; source code auditing is an expensive and time consuming process. Although there has been applying mutation analysis for testing ANSI C programs, and lots of mutation operators have been designed with respect to specific questions, there are not any of operators specifically designed for integer overflow. In this paper, we propose some new mutation operators to force the generation of adequate test data set for integer overflow vulnerabilities. The results indicate that the proposed operators are effective for detecting integer overflow vulnerabilities.

ZHANG Mingjun,LUO Jun

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.18.015

2005-01-01

Abstract:The paper presents an extended flow-insensitive pointer analysis algorithm used in statical buffer overflow analysis,which translates the control flow graph (CFG) into static single assignment(SSA),repeated calls a flow-insensitive pointer analysis and then generates precise point-to set for each pointer variable.Finally,it updates the constraint information in the define-use chain of pointer variable.The paper implements the algorithm in LLVM compiler system and measures the analysis result and times for a set of benchmark programs.The empirical results show that the result is as good as the flow-sensitive analysis but efficiency is higher than flow-sensitive analysis.

KIA Yi-min,CAO Hong-jia,LUO Jun,ZHANG Min-xuan

DOI: https://doi.org/10.3969/j.issn.1007-130x.2007.01.027

2007-01-01

Abstract:This paper proposes a flow-sensitive algorithm to detect buffer overruns statically. Using control flow and data flow analysis with demand-driven techniques, it builds the linear constraints of statements that access memory or call a function, and transforms the problem of buffer overrun detection into the problem of linear constraint resolution. Based on the algorithm, we implement a prototype. Experimental results show the prototype is accurate and efficient in identifying vulnerabilities.

JiaYu Li,Ye Yao,Yian Zhu,Mutitaba,Yongkai Zhang,Hang Li

DOI: https://doi.org/10.1109/icnisc60562.2023.00011

2023-01-01

Abstract:The paper presented and implemented a C-Scanner source code vulnerability detection tool, which can solve the buffer overflow problem. The main idea was to rewrite the source code of a C or C++, so that the resulting code contained the safe version of the old vulnerable functions, which may contain a buffer overflow security problem. If rewriting was not possible, due to some reasons, a warning was issued along with a hint to solve the problem if it was possible. C-Scanner in this paper took the C or C++ source code as input, and then it did a parsing process. Every time it encountered a vulnerable function call, it classified this function call. If this function call was belonging to a category of its interest, then it would rewrite this vulnerable function by a safe version, which prevented the buffer overflow vulnerability.

Tieyun BAO,Fengjuan GAO,Yan ZHOU,You LI,Linzhang WANG,Xuandong LI

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.02.005

2016-01-01

Abstract:Buffer overflow vulnerability is a kind of serious security defect. Currently there are dynamic and static ap-proaches to detect buffer overflow. The effectiveness of Dynamic tools depends on design of test case, and they often in-troduce execution overhead. Static program analysis techniques have been widely used in buffer overflow detection, which often report a large number of false warnings. Manual validating the results of static analysis is time consuming and er-ror-prone, which severely limits the usefulness of static analysis tools. Symbolic execution is a promising software testing and analysis technology, which systematically explore execution space of test program and generates test cases with high coverage. In this paper we propose a novel approach for automatic buffer overflow warnings validating based on symbolic execution.Our approach is consist of three steps:firstly detect the reachability of statements in static analysis path segment in inter procedural control flow graph and map the static path segment sets to complete path sets which are used to be val-idated;secondly guide the symbolic execution so that we only focus on the execution paths that cover the buffer overflow warnings generated by static program analysis through pruning useless path; finally construct warning path constraints according to buffer overflow vulnerability models at suspicios statements and classify results depend on the output of con-straint solver. Based on the proposed technique we implemented a prototype tool BOVTool and our experimental results on real open source programs show that the percentage of false warnings which do not need to be manually validated is 59.9%on average.

Yifei Xiao,Dahai Jin,Dalin Zhang

DOI: https://doi.org/10.2991/icmmcce-15.2015.435

2015-01-01

Abstract:In the modern society, with the high-speed development of computer science and technology, the wave of the Internet economy is around the world, the use of computer software in every corner of our lives, various applications emerge in endlessly, people pay more and more attention on software security. Tainted data which comes from the external input variables and has been used by some function without detection of legitimacy is a kind of code security defect. In this paper, the author provides a detailed analysis and classification on the cause of the security defect, and introduces a method of tainted data detection based on static code analysis. The detection method preprocesses the code firstly to create abstract syntax tree, symbol table, control flow graph and function call graph. To analysis the relationship between the function calls, the author uses the function summary instead of expansion of the functions. In the last, by using this method to detect some open source projects, the experiment shows that this method has both lower positive rate and negative rate.

ZHANG Jun-xian,LI Zhou-jun

DOI: https://doi.org/10.13190/j.jbupt.2016.s.012

2016-01-01

Abstract:Buffer overflow is a source of many security problems in C programs. A new tool named Path-Checker to detect buffer overflows in C codes using dynamic symbolic execution method is proposed. PathChecker uses quantifier-free predicate formulas to describe the safety properties of buffer access oper-ations and check these properties using a SMT solver. Experimental results show the effectiveness of this tool which is very easy to extend to check other safety properties.