Top

Published in:

2019 | OriginalPaper | Chapter

A Light-Weight and Accurate Method of Static Integer-Overflow-to-Buffer-Overflow Vulnerability Detection

Authors : Mingjie Xu, Shengnan Li, Lili Xu, Feng Li, Wei Huo, Jing Ma, Xinhua Li, Qingjia Huang

Published in: Information Security and Cryptology

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability is an underrated source of security threats. Despite many works have been done to mitigate integer overflow, existing tools either report large number of false positives or introduce unacceptable time consumption. To address this problem, in this paper we present a new static analysis framework. It first utilizes inter-procedural dataflow analysis and taint analysis to accurately identify potential IO2BO vulnerabilities. Then it uses a light-weight method to further filter out false positives. Specifically, it generates constraints representing the conditions under which a potential IO2BO vulnerability can be triggered, and feeds the constraints to SMT solver to decide their satisfiability. We have implemented a prototype system LAID based on LLVM, and evaluated it on 228 programs of the NIST’s SAMATE Juliet test suite and 6 known IO2BO vulnerabilities in real world. The experiment results show that our system can effectively and efficiently detect all known IO2BO vulnerabilities.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter SpamTracer: Manual Fake Review Detection for O2O Commercial Platforms by Using Geolocation Features

next chapter Fully Secure Decentralized Ciphertext-Policy Attribute-Based Encryption in Standard Model

Common vulnerabilities and exposures (CVE). http://cve.mitre.org/

Christey, S., Martin, R.A.: Vulnerability Type Distributions in CVE, May 2007. http://cve.mitre.org/docs/vuln-trends/vuln-trends.pdf

CWE-680: IO2BO vulnerabilities. http://cwe.mitre.org/data/definitions/680.html

Zhang, C., Wang, T., Wei, T., Chen, Y., Zou, W.: IntPatch: automatically fix integer-overflow-to-buffer-overflow vulnerability at compile-time. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 71–86. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15497-3_5CrossRef

Chen, S., Xu, J., Sezer, E.C., Gauriar, P., Iyer, R.K.: Non-control-data attacks are realistic threats. In: Proceedings of the 14th Conference on USENIX Security Symposium, p. 12 (2005)

Sotirov, A.: Heap feng shui in javascript. In: Proceedings of Blackhat Europe (2007)

National vulnerability database. http://nvd.nist.gov/

Lattner, C.: LLVM: An Infrastructure for Multi-Stage Optimization. Master’s thesis, Computer Science Dept., University of Illinois at Urbana-Champaign, Urbana, IL, December 2002

Lattner, C., Adve, V.: LLVM: a compilation framework for lifelong program analysis & transformation. In: Proceedings of the 2004 International Symposium on Code Generation and Optimization (CGO 2004), Palo Alto, California, March 2004

10.

Clang C language family frontend for LLVM. http://clang.llvm.org/

11.

CVE-2005-1141. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1141

12.

CVE-2011-4517. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4517

13.

CVE-2014-9112. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9112

14.

CVE-2016-9601. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9601

15.

CVE-2016-6328. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328

16.

CVE-2017-16868. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16868

17.

Wang, X., Chen, H., Jia, Z., Zeldovich, N., Kaashoek, M.F.: Improving integer security for systems with KINT. In: Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation, pp. 163–177 (2012)

18.

Dietz, W., Li, P., Regehr, J., Adve, V.: Understanding integer overflow in C/C ++. In: Proceedings of the 34th International Conference on Software Engineering, ICSE 2012, pp. 760–770. IEEE Press, Zurich (2012)

19.

Pomonis, M., Petsios, T., Jee, K., Polychronakis, M., Keromytis, A.D.: IntFlow: improving the accuracy of arithmetic error detection using information flow tracking. In: Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC 2014, pp. 416–425. ACM, New Orleans (2014)

20.

Chen, P., et al.: IntFinder: automatically detecting integer bugs in x86 binary program. In: Qing, S., Mitchell, C.J., Wang, G. (eds.) ICICS 2009. LNCS, vol. 5927, pp. 336–345. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-11145-7_26CrossRef

21.

Wang, T., Wei, T., Lin, Z., Zou, W.: IntScope: automatically detecting integer overflow vulnerability in x86 binary using symbolic execution. In: Proceedings of the Network and Distributed System Security Symposium (2009)

22.

Vreugdenhil, P.: Pwn2Own 2010 Windows 7 Internet Explorer 8 exploit (2010). http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf

23.

Moy, Y., Bjørner, N., Sielaff, D.: Modular bug-finding for integer overflows in the large: sound, efficient, bit-precise static analysis. Technical report MSR-TR-2009-57, Microsoft Research (2009)

24.

Brummayer, R.: Efficient SMT Solving for Bit-Vectors and the Extensional Theory of Arrays. Ph.D thesis, Johannes Kepler University, Linz, Austria, November 2009

25.

Brumley, D., Chiueh, T.c, Johnson, R., Lin, H., Song, D.: Rich: automatically protecting against integer-based vulnerabilities. In: Proceedings of the 14th Annual Network and Distributed System Security Symposium, NDSS 2007 (2007)

26.

Zhang, Y., et al.: Improving accuracy of static integer overflow detection in binary. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 247–269. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26362-5_12CrossRef

27.

National Institute of Standard and Technology (NIST). SAMATE-software assurance metrics and tool evaluation. http://samate.nist.gov/SARD/testsuite.php

28.

Sun, H., Zhang, X., Su, C., Zeng, Q.: Efficient dynamic tracking technique for detecting integer-overflow-to-buffer-overflow vulnerability. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, pp. 483–494. ACM (2015)

29.

Wang, Y., Gu, D., Xu, J., Wen, M., Deng, L.: RICB: integer overflow vulnerability dynamic analysis via buffer overflow. In: Lai, X., Gu, D., Jin, B., Wang, Y., Li, H. (eds.) e-Forensics 2010. LNICST, vol. 56, pp. 99–109. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23602-0_9CrossRef

30.

Chen, K., Feng, D., Su, P.: Dynamic overflow vulnerability detection method based on finite CSP. Chin. J. Comput. 35(5), 898–909 (2012). (in Chinese)CrossRef

31.

Jia, X., Zhang, C., Su, P., Yang, Y., Huang, H., Feng, D.: Towards efficient heap overflow discovery. In: Proceedings of the 26th USENIX Conference on Security Symposium (2017)

Title: A Light-Weight and Accurate Method of Static Integer-Overflow-to-Buffer-Overflow Vulnerability Detection
Authors: Mingjie Xu
Shengnan Li
Lili Xu
Feng Li
Wei Huo
Jing Ma
Xinhua Li
Qingjia Huang
Publisher: Springer International Publishing
Book: Information Security and Cryptology
Print ISBN: 978-3-030-14233-9

Electronic ISBN: 978-3-030-14234-6

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-14234-6_22

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner