nach oben

Automatic Control and Computer Sciences

Erschienen in:

01.12.2018

An Approach to Vulnerability Searching of Integer Overflows in the Executable Program Code

verfasst von: R. A. Demidov, A. I. Pechenkin, P. D. Zegzhda

Erschienen in: Automatic Control and Computer Sciences | Ausgabe 8/2018

Einloggen, um Zugang zu erhalten

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract—

This article proposes an approach to identifying integer overflow vulnerabilities in software represented by the executable code of x86 architecture. The approach is based on symbolic code execution and initially twofold representation of memory cells. A truncated control transfer graph is constructed from the machine code of the program, the paths in which are layer-by-layer checked for the feasibility of the vulnerability conditions. The proposed methods were implemented in practice and experimentally tested on the various code samples.

Vorheriger Artikel A Blockchain Decentralized Public Key Infrastructure Model

Nächster Artikel Modeling the Dissemination of Information Threats in Social Media

Pechenkin, A.I. and Lavrova, D.S., Modeling the search for vulnerabilities via the fuzzing method using an automation representation of network protocols, Autom. Control Comput. Sci., 2015, vol. 49, no. 8, pp. 826–833.

Pechenkin, A.I. and Nikolskiy, A.V., Architecture of a scalable system of fuzzing network protocols on a multiprocessor cluster, Autom. Control Comp. Sci., 2015, vol. 49, no. 8, pp. 758–765.

Godefroid, P., Microsoft Research, Fuzzing @ Microsoft—A Research Perspective, ACSC 2017.

Boyer, R.S., Elspas, B., and Levitt, K.N., SELECT—a formal system for testing and debugging programs by symbolic execution, Proceedings of the International Conference on Reliable Software, Los Angeles, 1975, pp. 234–245.

King, J.C., Symbolic execution and program testing, Commun. ACM, 1976, vol. 19, no. 7.

Prateek Saxena, Pongsin Poosankam, Stephen McCamant, and Dawn Song, Loop-extended symbolic execution on binary programs, Proceedings of the ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), 2009.

Chipounov, V., Georgescu, V., Zamfir, C., and Candea, G., Selective symbolic execution, Proceedings of the 5th Workshop on Hot Topics in System Dependability (HotDep), Lisbon, 2009.

Stephens, N., Grosen, J., Salls, C., Dutcher, A., Wang, R., Corbetta, J., Shoshitaishvili, Y., Kruegel, C., and Vigna, G., Driller: Augmenting fuzzing through selective symbolic execution, Network and Distributed System Security Symposium, 2016.

Sang Kil Cha, Avgerinos, T., Rebert, A., and Brumley, D., Unleashing Mayhem on binary code, 2012 IEEE Symposium on Security and Privacy, 2012.

Titel: An Approach to Vulnerability Searching of Integer Overflows in the Executable Program Code
verfasst von: R. A. Demidov
A. I. Pechenkin
P. D. Zegzhda
Publikationsdatum: 01.12.2018
Verlag: Pleiades Publishing
Erschienen in: Automatic Control and Computer Sciences / Ausgabe 8/2018
Print ISSN: 0146-4116
Elektronische ISSN: 1558-108X
DOI: https://doi.org/10.3103/S0146411618080102

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence_ieS/© Springer Fachmedien Wiesbaden GmbH, Search Icon, Banner Hanser, Bunte Männchen, die Kunden darstelle, werden von einem riesigen Magneten angezogen. /© Oleksiy Mark, Dr. Daniel Schneider/© Fraunhofer IESE, Interview Level Ten PPA Bild/© LevelTen, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade

Springer Professional

Abstract—

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Weitere Artikel der Ausgabe 8/2018

Architecture of the Protected Cloud Data Storage Using Intel SGX Technology

Implementation of Mandatory Access Control in Distributed Systems

Security Analysis Based on Controlling Dependences of Network Traffic Parameters by Wavelet Transformation

Hierarchical Software-Defined Security Management for Large-Scale Dynamic Networks

Providing Stable Operation of Self-Organizing Cyber-Physical System via Adaptive Topology Management Methods Using Blockchain-Like Directed Acyclic Graph

Prevention of Attacks on Dynamic Routing in Self-Organizing Adhoc Networks Using Swarm Intelligence

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.