IntScope: Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution
Authors
Abstract
The number of identified integer overflow vulnerabilities has risen rapidly in recent years. In this paper we present IntScope, a system that automatically detects integer overflow vulnerabilities in x86 binaries before an attacker does, with the goal of eliminating them. IntScope first translates the disassembled code into its own intermediate representation (IR), then performs a path-sensitive data flow analysis on the IR, combining symbolic execution with taint analysis, to identify the vulnerable points of integer overflow. Unlike approaches that execute the binary directly, IntScope never runs it, and it scales to large software because it symbolically executes only the program paths of interest. Experimental results are encouraging: IntScope has detected more than 20 zero-day integer overflows (e.g., CVE-2008-4201, FrSIRT/ADV-2008-2919) in widely used software such as QEMU, Xen and Xine.
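The abstract does not show what a "vulnerable point of integer overflow" looks like in the 32-bit arithmetic of an x86 binary, so here is an added example (not code from the IntScope paper or its authors): a tainted element count multiplied by an element size, where the product wraps before it reaches malloc(), beside a hardened version that rejects the count first, plus the runtime oracle that corresponds to the check a symbolic analysis emits at the sink. The record layout, the header format and the sample inputs are all constructed for illustration.

```c
/* Added example, not from the IntScope paper: the integer-overflow-to-heap-
 * overflow pattern in 32-bit x86 arithmetic. record_t, the header layout and
 * the parse function below are constructed for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

typedef struct { uint32_t a; uint32_t b; } record_t;   /* 8 bytes per record */

/* Runtime oracle for the condition a symbolic analysis would check at the
 * sink: does the 32-bit product differ from the exact (64-bit) product? */
int mul32_overflows(uint32_t x, uint32_t y) {
    uint64_t exact = (uint64_t)x * (uint64_t)y;
    return exact != (uint64_t)(uint32_t)(x * y);
}

/* Vulnerable: tainted count times element size in 32-bit arithmetic.
 * For count = 0x20000001 the product wraps to 8, so a following malloc()
 * returns an 8-byte buffer while the caller copies 0x20000001 records. */
uint32_t vuln_alloc_size(uint32_t count) {
    return count * (uint32_t)sizeof(record_t);
}

/* Hardened: reject any count whose product cannot be represented before the
 * multiplication is performed. The division bound is portable C;
 * __builtin_mul_overflow() is the GCC/Clang alternative. */
int safe_alloc_size(uint32_t count, uint32_t *out) {
    if (count > UINT32_MAX / sizeof(record_t)) return 0;   /* would wrap */
    *out = count * (uint32_t)sizeof(record_t);
    return 1;
}

/* Constructed parser: header is a little-endian u32 count followed by
 * count records. Returns the number of records accepted, or -1 if the
 * count is rejected or the buffer is too short. */
long parse_records(const uint8_t *buf, size_t len, record_t **out) {
    if (len < 4) return -1;
    uint32_t count = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
                     ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
    uint32_t bytes;
    if (!safe_alloc_size(count, &bytes)) return -1;   /* the sink check */
    if (bytes > len - 4) return -1;                   /* bound by real input */
    record_t *r = malloc(bytes ? bytes : 1);
    if (!r) return -1;
    memcpy(r, buf + 4, bytes);
    *out = r;
    return (long)count;
}
```

The tainted value is the header count; the sink is the allocation size derived from it. The vulnerable path computes the size first and checks nothing, which is exactly the condition the oracle mul32_overflows() reports for count 0x20000001; the hardened path refuses the count before the multiplication, so the wrapped value never reaches malloc().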
Related papers
Dynamic Test Generation to Find Integer Bugs in x86 Binary Linux Programs
Recently, integer bugs, including integer overflow, width conversion, and signed/unsigned conversion errors, have risen to become a common root cause for serious security vulnerabilities. We introduce new methods for discovering integer bugs using dynamic test generation on x86 binaries, and we describe key design choices in efficient symbolic execution of such programs. We implemented our meth...
Proving Memory Safety of the ANI Windows Image Parser Using Compositional Exhaustive Testing
We report in this paper how we proved memory safety of a complex Windows image parser written in low-level C in only three months of work and using only three core techniques, namely (1) symbolic execution at the x86 binary level, (2) exhaustive program path enumeration and testing, and (3) user-guided program decomposition and summarization. We also used a new tool, named MicroX, for executing...
Senx: Sound Patch Generation for Security Vulnerabilities
Many techniques have been proposed for automatic patch generation and the overwhelming majority of them rely on the quality of test suites to prove the correctness of the patches that they generate. However, the quality of test suites is usually undesirable and hence the quality of the patches is ill-suited for security vulnerabilities. To address this, we propose an approach that generates pat...
Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs
Incomplete or improper input validation is one of the major sources of security bugs in programs. While traditional approaches often focus on detecting string related buffer overflow vulnerabilities, we present an approach to automatically detect potential integer misuse, such as integer overflows in C programs. Our tool is based on CQual, a static analysis tool using type theory. Our technique...
Practical Integer Overflow Prevention
Integer overflows in commodity software are a main source for software bugs, which can result in exploitable memory corruption vulnerabilities and may eventually contribute to powerful software based exploits, i.e., code reuse attacks (CRAs). In this paper, we present INTGUARD, a symbolic execution based tool that can repair integer overflows with high-quality source code repairs. Specifically,...