BRICK: A binary tool for run-time detecting and locating integer-based vulnerability

Proceedings - International Conference on Availability, Reliability and Security, ARES 2009

Volumn , Issue , 2009, Pages 208-215

  Chen, Ping ^a   Wang, Yi ^a   Xin, Zhi ^a   Mao, Bing ^a   Xie, Li ^a  

^a NANJING UNIVERSITY   (China)

Author keywords

[No Author keywords available]

Indexed keywords

DYNAMIC BINARY INSTRUMENTATION; FALSE POSITIVE; PLUG-INS; REAL SOFTWARES; RECOMPILATION; ROOT CAUSE; RUNTIMES; SOFTWARE SECURITY; SOURCE CODE ANALYSIS; SOURCE CODES; TYPE INFERENCES;

BINARY SEQUENCES; BRICK; BRICKMAKING; COMPUTER SOFTWARE;

SECURITY OF DATA;

EID: 70349857932     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2009.77     Document Type: Conference Paper

References (41)

1. N.Nethercote and J. Seward. Valgrind: A framework for heavy weight dynamic binary instrumentation. In Proceedings of PLDI 2007, San Diego, California, USA, June 2007.
2. D. A. Molnar and D. Wagner. Catchconv: Symbolic execution and run-time type inference for integer conversion errors. Technical Report UCB/EECS-2007-23, EECS Department, University of California, Berkeley, February 2007.
3. David Brumley, Tzi-cker Chiueh et.al. RICH: Automatically Protecting Against Integer-Based Vulnerabilities. In Proceedings of the 14th AnnualNetwork and Distributed System Security Symposium( NDSS'07) ,2007.
4. CVE: Vulnerability Type Distributions. May,2007. [Online]. Available: http://cve.mitre.org/docs/vuln-trends/vuln-trends.pdf.
5. "VLC Media Player Integer signedness error vulnerability," CVE, 2008. [Online]. Available: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2008-3794.
6. "VLC Media Player Integer overflow vulnerability," CVE, 2008.[Online]. Available: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE- 2008-3732.
7. "Linux Kernel Integer underflow vulnerability," CVE, 2007. [Online]. Available: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007- 4997.
8. "SSH CRC-32 compensation attack detector vulnerability," CVE, Feb 2001. [Online]. Available: http://www.cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2001-0144.
9. R. Wojtczuk. Uqbtng: a tool capable of automatically finding integer overflows in win32 binaries. In 22nd Chaos Communication Congress, 2005.
10. Cristina Cifuentes and et al. UQBT: A Resourceable and Retargetable Binary Translator. http://www.itee.uq.edu.au/cristina/uqbt.html.
11. O. Horovitz. Big loop integer protection. Phrack Inc., Dec 2002. [Online]. Available: http://www.phrack.org/issues.html?issue=60&id= 9#article.
12. D. LeBlanc. Integer handling with the C++ SafeInt class. Jan 2004. [Online]. Available: http://msdn.microsoft.com/en-us/library/ms972705.aspx.
13. G. Necula, S. McPeak, S. Rahul, and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of C, in Proc. Conference on Compiler Construction, 2002.
14. Stephen Gilmore. Programming in Standard ML, 1997.
15. Ada95 Language Reference Manual, ISO/IEC, 1995.
16. G. C. Necula, S.McPeak, and W.Weimer. CCured: type safe retrofitting of legacy code, in Proceedings of the Symposium on Principles of Programming Languages, 2002.
17. T. Jim, G. Morrisett, D. Grossman,M. Hicks, J.Cheney, and Y.Wang, Cyclone: A safe dialect of c, in USENIX Annual Technical Conference, 2002.
18. "GNU mailutils imap4d remote integer overflow vulnerability," SecurityFocus, Sep 2004. [Online]. Available: http://www.securityfocus.com/bid/ 11198/.
19. "Linux Kernel Integer underflow vulnerability," CVE, 2007. [Online]. Available: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007- 2875.
20. "Gocr ReadPGM NetPBM remote client-side integer overflow vulnerability," CVE, April 2005. [Online].Available: http://cve.mitre.org/ cgi-bin/cvename.cgi?name=CVE-2005-1141.
21. J. Seward and N. Nethercote. Using valgrind to detect undefined value errors with bit-precision. In Proceedings of the USENIX05 Annual Technical Conference, Anaheim, California, USA, April 2005.
22. "Integer overflow in PHP 5.2.5 and prior," CVE, 2008. [Online]. Available: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1384.
23. Michael Howard. Integer Overflow and operator::new, Dec, 2006. [Online]. Available: http://blogs.msdn.com/michael-howard/archive/2005/12/06/500629.aspx.
24. David Evans, John Guttag, James Horning, and Yang Meng Tan. LCLint:A tool for using specification to check code. In Proceedings of the ACM SIGSOFT 94 Symposium on the Foundations of Software Engineering, pages 87-96,1994.
25. Dipanwita Sarkar et.al. Flow-insensitive Static Analysis for Detecting Integer Anomalies in Programs. Proceedings of the 25th conference on IASTED International Multi-Conference: Software Engineering, 2007.
26. Jim Larus et.al. Righting software. In IEEE SOFTWARE published by IEEE Computer Society, 2004.
27. PaX Project. The PaX project, 2004. http://pax. grsecurity.net/.
28. Periklis Akritidis, et,al. Preventing memory error exploits with WIT. IEEE Symposium on Security and Privacy, May, 2008.
29. O.Ruwase and M. Lam. A Practical Dynamic Buffer Overflow Detector. In Proceedings of the 11th AnnualNetwork and Distributed System Security Symposium(NDSS'04),2004.
30. C. Cowan,C. Pu,D.Maier,J.Walpole et al. Stack-Guard:Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Security Conference, San Antonio, Texas,January,1998.
31. C.Cowan, M.Barringer, S. Beattie, G.Kroah-Hartman, M.Frantzen, and J.Lokier. FormatGuard: Automatic protection from printf format string vulnerabilities. In Proceedings of the Usenix Security Symposium, 2001.
32. H.Etoh. GCC extension for protecting applications from stacksmashing attacks. http://www.research.ibm.com/trl/projects/security/ssp/.
33. T.Chiueh and F.Hsu. RAD:A compile-time solution to buffer overflow attacks. In Proc.of the 21st International Conference on Distributed Computing Systems(ICDCS01),2001.
34. C.Cowan, S.Beatties, J.Johansen, and P.Wagle. PointGuard: Protecting pointers from buffer overflow vulnerabilities. In Proceedings of the Usenix Security Symposium, pages 91-104,2003.
35. A.Baratloo, N.Singh, and T.Tsai. Transparent run-time defense against stack smashing attacks(Libsafe-Libverify). In Proceedings of the 2000 USENIX Annual Technical Conference,San Diego, CA,2000.
36. Z.Lin, B.Mao and L.Xie. LibsafeXP:A Pratical and Transparent Tool for Run-time Buffer Overflow Preventions. In Proc. Of the 7th Annual IEEE Information Assurance Workshop(IAW06).West Point, NY. USA, June, 2006.
37. M. Abadi, M. Budiu, U. Erlingsson and J. Ligatti. Control-flow integrity. In Proceedings of the 12th. ACM conference on Computer and communications security(CCS'05), 2005.
38. CVE version: 20061101, CVE. [Online].Available: http://www.cve.mitre.org/ cgi-bin/cvekey.cgi?keyword=integer.
39. T. Wang, T. Wei, Z. Lin and W. Zou. IntScope: Automatically Detecting Integer Overflow Vulnerability In X86 Binary Using Symbolic Execution.In Proceedings of the 16th Annual Network and Distributed System Security Symposium(NDSS'09),2009.
40. Z. Lin, X. Zhang, and D. Xu. Convicting exploitable software vulnerabilities: An efficient input provenance based approach. In Proceedings of the 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'08), Anchorage, Alaska, USA, June 2008.
41. Intel Corporation, IA-32 Intel Architecture Software Developers Manual - Volume1: Basic Architecture, November 2006.