The BORG: Nanoprobing Binaries for Buffer Overreads

Authors: Matthias Neugschwandtner, Paolo Milani Comparetti, Istvan Haller, Herbert Bos

DOI: 10.1145/2699026.2699098

Keywords:

Abstract: Automated program testing tools typically try to explore, and cover, as much of a tested program as possible, while attempting to trigger and detect bugs. An alternative and complementary approach can be to first select a specific part of the program that may be subject to a class of bug, and then narrowly focus the exploration towards paths that could trigger such a bug. In this work, we introduce the BORG (Buffer Over-Read Guard), a tool that uses static and dynamic analysis, taint propagation and symbolic execution to find buffer overread bugs in real-world programs. BORG works by selecting buffer accesses that may lead to an overread and guiding symbolic execution along those paths that could actually cause the overread. BORG operates on binaries and does not require source code. To demonstrate BORG's effectiveness, we use it to find overreads in six complex server applications and libraries, including lighttpd, FFmpeg and ClamAV.
