Finding Buffer Overflow Inducing Loops in Binary Executables
- 1 June 2012
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 2012 IEEE Sixth International Conference on Software Security and Reliability
- p. 177-186
- https://doi.org/10.1109/sere.2012.30
Abstract
Vulnerability analysis is one of the important components of overall software assurance practice. Buffer overflow (BoF) is one example of such vulnerabilities, and it is still the root cause of many effective attacks. A general practice to find BoF is to look for the presence of certain functions that manipulate string buffers, like the strcpy family. In these functions, data is moved from one buffer to another, within a loop, without considering the destination buffer size. We argue that similar behaviour may also be present in many other functions that are coded separately, and therefore are equally vulnerable. In the present work, we investigate the detection of such functions by finding loops that exhibit similar behaviour. We call such loops Buffer Overflow Inducing Loops (BOIL). We implemented a lightweight static analysis to detect BOILs, and evaluated it on real-world x86 binary executables. The results obtained show that this (simple but yet efficient) vulnerability pattern happens to be very effective in practice to retrieve real vulnerabilities, providing a drastic reduction of the part of the code to be analysed.
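The loop shape the abstract describes, as an added example that is not code from the paper: a hand-rolled copy loop whose exit condition depends only on the source (the BOIL pattern that the analysis looks for), beside a bounded rewrite whose exit also depends on the destination capacity. The function names and the sample inputs are assumptions constructed for this illustration.

```c
/* Added illustration, not the paper's code. Function names are ours. */
#include <stddef.h>
#include <string.h>

/* BOIL pattern: the loop exits only when the source terminator is seen;
 * nothing in the loop relates the write index to the capacity of dst.
 * A source longer than dst therefore writes past the end of dst.
 * Shown only as the shape a static analysis flags; it is never called below. */
static size_t copy_until_nul_unbounded(char *dst, const char *src)
{
    size_t i = 0;
    while (src[i] != '\0') {   /* source-controlled exit condition only */
        dst[i] = src[i];       /* index grows without any dst bound */
        i++;
    }
    dst[i] = '\0';
    return i;
}

/* Bounded form: the exit condition also depends on dst_cap, so at most
 * dst_cap-1 bytes plus the terminator are written. Returns the number of
 * bytes copied (terminator excluded); the copy is truncated when
 * strlen(src) >= dst_cap, and nothing is written when dst_cap == 0. */
static size_t copy_until_nul_bounded(char *dst, size_t dst_cap, const char *src)
{
    size_t i = 0;
    if (dst_cap == 0)
        return 0;              /* no room even for the terminator */
    while (i < dst_cap - 1 && src[i] != '\0') {
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';
    return i;
}

/* Driver: copies src into a fixed 64-byte local buffer while pretending the
 * buffer only has `cap` bytes (cap is clamped to 64). Returns the copied
 * length, or (size_t)-1 if the result is not a terminated prefix of src. */
static size_t demo_bounded_copy_len(const char *src, size_t cap)
{
    char buf[64];
    if (cap > sizeof buf)
        cap = sizeof buf;
    size_t n = copy_until_nul_bounded(buf, cap, src);
    if (cap > 0 && (buf[n] != '\0' || strncmp(buf, src, n) != 0))
        return (size_t)-1;
    return n;
}
```

The unbounded loop is the pattern to recognise and replace; in a binary it shows up as a copy loop whose only exit test reads the source byte.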