New Binary System for Detecting and Locating Integer-based Vulnerability on Run-time Type Analysis

Keywords: Computer security, Software security, Integer-based vulnerability, Integer overflow

Abstract:

Integer-based vulnerability is an extremely serious class of bug for programs written in languages such as C/C++. Common Vulnerability and Exploit (CVE) shows that as the percentage of buffer overflows has declined, there has been an increase in related vulnerability types, including integer overflows and signedness errors. We present the design, implementation, and evaluation of a tool for detecting and locating integer-based vulnerabilities at run-time. We first translated the binary code into the intermediate language VEX on Valgrind, then intercepted integer-related statements at run-time, recorded the necessary information, and finally detected and located vulnerabilities based on the checking scheme. We chose several utility applications that contain real integer-based vulnerabilities to evaluate the effectiveness and run-time performance of our system. Preliminary experimental results are quite promising: the system can detect and locate most integer-based vulnerabilities in real software, and has very low false positives and negatives.
