Automatic Discovery and Patching of Buffer and Integer Overflow Errors
作者: Stelios Sidiroglou-Douskos , Martin Rinard , Eric Lahtinen
DOI:
关键词:
摘要: We present Targeted Automatic Patching (TAP), an automatic buffer and integer overflow discovery patching system. Starting with application a seed input that the processes correctly, TAP dynamically analyzes execution of to locate target memory allocation sites statements access or statically allocated blocks memory. It then uses targeted errordiscovery techniques automatically generate inputs trigger and/or overflows at sites. When it discovers error, matches applies patch templates patches eliminate error. Our experimental results show successfully two six errors in real-world applications.
参考文章(44)
Tavis Ormandy, Will Drewry, Flayer: exposing application internals WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies. pp. 1- ,(2007)
Wenke Lee, Monirul I. Sharif, Andrea Lanzi, Jonathon T. Giffin, Impeding Malware Analysis Using Conditional Code Obfuscation network and distributed system security symposium. pp. 1- 13 ,(2008)
Tielei Wang, Zhiqiang Lin, Tao Wei, Wei Zou, IntScope: Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution. network and distributed system security symposium. ,(2009)
Leonardo de Moura, Nikolaj Bjørner, Z3: an efficient SMT solver tools and algorithms for construction and analysis of systems. pp. 337- 340 ,(2008) , 10.1007/978-3-540-78800-3_24
Sasa Misailovic, Martin C. Rinard, Michael Carbin, Michael Kling, Detecting and escaping infinite loops with jolt european conference on object-oriented programming. pp. 609- 633 ,(2011) , 10.5555/2032497.2032537
Michael E. Locasto, Angelos D. Keromytis, Stelios Sidiroglou, Stephen W. Boyd, Building a reactive immune system for software services usenix annual technical conference. pp. 11- 11 ,(2005) , 10.7916/D86D6562
David Molnar, David A. Wagner, Xue Cong Li, Dynamic test generation to find integer bugs in x86 binary linux programs usenix security symposium. pp. 67- 82 ,(2009)
Matthias Neugschwandtner, Asia Slowinska, Istvan Haller, Herbert Bos, Dowsing for overflows: a guided fuzzer to find buffer boundary violations usenix security symposium. pp. 49- 64 ,(2013)
Martin Rinard, Cristian Cadar, William S. Beebee, Daniel M. Roy, Tudor Leu, Daniel Dumitran, Enhancing server availability and security through failure-oblivious computing operating systems design and implementation. pp. 21- 21 ,(2004)
Ramkumar Chinchani, Anusha Iyer, Bharat Jayaraman, Shambhu Upadhyaya, ARCHERR: Runtime Environment Driven Program Safety Computer Security – ESORICS 2004. pp. 385- 406 ,(2004) , 10.1007/978-3-540-30108-0_24