IntPatch: Automatically fix integer-overflow-to-buffer-overflow vulnerability at compile-time

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6345 LNCS, Issue , 2010, Pages 71-86

  Zhang, Chao ^a   Wang, Tielei ^a   Wei, Tao ^a   Chen, Yu ^a   Zou, Wei ^a  

^a PEKING UNIVERSITY   (China)

Author keywords

[No Author keywords available]

Indexed keywords

BUFFER STORAGE; C++ (PROGRAMMING LANGUAGE); PROGRAM COMPILERS;

ANALYSIS FRAMEWORKS; C/C++ PROGRAMS; COMPILE TIME; DESIGN AND IMPLEMENTATIONS; INTEGER OVERFLOW; INTEGER OVERFLOW TO BUFFER OVERFLOWS; REAL-WORLD; RUN-TIME CHECKS; SOFTWARE SECURITY; TYPE THEORY;

DATA FLOW ANALYSIS;

EID: 78049414309     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-15497-3_5     Document Type: Conference Paper

References (40)

1. Cssbench: a css benchmark devised by nontroppo, http://www.howtocreate. co.uk/csstest.html
2. CUPS: a standards-based, open source printing system developed by Apple Inc., http://www.cups.org/
3. Cups' erroneous patch, http://www.cups.org/str.php?L2974
4. CUPS Vulnerability, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE- 2008-1722
5. Cwe-680: Io2bo vulnerabilities, http://cwe.mitre.org/data/definitions/ 680.html
6. Dillo: a lightweight browser, http://www.dillo.org
7. Discussion between programmers and gcc developers, http://gcc.gnu.org/ bugzilla/show-bug.cgi?id=30475#p2
8. Draft of the c99 standard with corrigenda tc1, tc2, and tc3 included, http://www.open-std.org/jtc1/sc22/WG14/www/docs/n1256.pdf
9. FAAD2: A MPEG-4 and MPEG-2 AAC Decoder, http://www.audiocoding.com/faad2. html
10. GStreamer: a framework for streaming media applications, http://gstreamer.freedesktop.org/
11. Intel 64 and ia-32 architectures software developer's manuals, http://www.intel.com/products/processor/manuals/
12. libtiff: TIFF Library and Utilities, http://www.libtiff.org/
13. Ming: a library for generating Macromedia Flash files, http://www.libming.org/
14. Mp4point: a source for free mp4/mpeg-4 video movie clips, http://www.mp4point.com/
15. National vulnerability database, http://nvd.nist.gov/
16. oCERT: Open Source Computer Emergency Response Team, http://www.ocert. org/
17. Pngsuite: The "official" test-suite for png applications like viewers, converters and editors, http://www.schaik.com/pngsuite/
18. Python interpreter suffers from gcc's behavior, http://bugs.python.org/ issue1608
19. Secunia: a Danish computer security service provider, http://secunia.com/
20. Vupen: a company providing security intelligence, http://www.vupen.com/ english/
21. Ahmad, D.: The rising threat of vulnerabilities due to integer errors. IEEE Security and Privacy 1(4), 77-82 (2003)
22. Aho, A. V., Lam, M. S., Sethi, R., Ullman, J. D.: Compilers: Princiles, Techniques, and Tools, 2nd edn. Addison-Wesley, Reading (2006)
23. Brumley, D., Chiueh, T.c., Johnson, R., Lin, H., Song, D.: Rich: Automatically protecting against integer-based vulnerabilities. In: Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS 2007) (2007)
24. Cadar, C., Dunbar, D., Engler, D.: Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. In: USENIX Symposium on Operating Systems Design and Implementation (OSDI 2008), San Diego, CA, USA (2008)
25. Cadar, C., Ganesh, V., Pawlowski, P. M., Dill, D. L., Engler, D. R.: Exe: automatically generating inputs of death. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006 (2006)
26. Ceesay, E., Zhou, J., Gertz, M., Levitt, K., Bishop, M.: Using type qualifiers to analyze untrusted integers and detecting security flaws in c programs. Detection of Intrusions and Malware & Vulnerability Assessment (2006)
27. Chen, S., Kalbarczyk, Z., Xu, J., Iyer, R. K.: A data-driven finite state machine model for analyzing security vulnerabilities. In: IEEE International Conference on Dependable Systems and Networks, pp. 605-614 (2003)
28. Chen, S., Xu, J., Sezer, E. C., Gauriar, P., Iyer, R. K.: Non-control-data attacks are realistic threats. In: Proceedings of the 14th Conference on USENIX Security Symposium, p. 12 (2005)
29. Chinchani, R., Iyer, A., Jayaraman, B., Upadhyaya, S.: Archerr: Runtime environment driven program safety. In: 9th European Symposium on Research in Computer Security, Sophia Antipolis (2004)
30. Cytron, R., Ferrante, J., Rosen, B. K., Wegman, M. N., Zadeck, F. K.: Efficiently computing static single assignment form and the control dependence graph (1991)
31. Foster, J. S., Fähndrich, M., Aiken, A.: A theory of type qualifiers. In: PLDI 1999: Proceedings of the ACM SIGPLAN 1999 Conference on Programming Language Design and Implementation, pp. 192-203. ACM, New York (1999)
32. Foster, J. S., Terauchi, T., Aiken, A.: Flow-sensitive type qualifiers. In: PLDI 2002: Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, Berlin, Germany, pp. 1-12 (2002)
33. Godefroid, P., Klarlund, N., Sen, K.: Dart: directed automated random testing. In: PLDI 2005: Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 213-223 (2005)
34. Lattner, C.: LLVM: An Infrastructure for Multi-Stage Optimization. Master's thesis, Computer Science Dept., University of Illinois at Urbana-Champaign, Urbana, IL (December 2002), http://llvm.cs.uiuc.edu
35. Lattner, C., Adve, V.: LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation. In: Proceedings of the 2004 International Symposium on Code Generation and Optimization (CGO 2004), Palo Alto, California (March 2004)
36. Molnar, D., Li, X. C., Wagner, D. A.: Dynamic test generation to find integer bugs in x86 binary linux programs. In: Proceedings of the 18th USENIX Security Symposium (2009)
37. Sen, K., Marinov, D., Agha, G.: Cute: a concolic unit testing engine for c. In: ESEC/FSE-13: Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 263-272 (2005)
38. Sotirov, A.: Heap feng shui in javascript. In: Proceedings of Blackhat Europe (2007)
39. Wang, T., Wei, T., Lin, Z., Zou, W.: IntScope: Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution. In: Proceedings of the 16th Annual Network and Distributed System Security Symposium, San Diego, CA (February 2009)
40. Weiser, M.: Program slicing. In: Proceedings of the 5th International Conference on Software Engineering (1981)