Loading…
Detecting Integer Overflow Vulnerabilities in Binary Executables Based on Target Filtering and Dynamic Taint Tracing
The number of identified integer overflow vulnerabilities has been increasing rapidly in recent years. In this paper, a smart software vulnerability detection technology is presented, which is used for the identifica- tion of integer overflow vulnerabilities in binary executa- bles. The proposed alg...
Saved in:
| Published in: | 电子学报:英文版 2014-04, Vol.23 (2), p.348-352 |
|---|---|
| Main Author: | |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | |
|---|---|
| cites | |
| container_end_page | 352 |
| container_issue | 2 |
| container_start_page | 348 |
| container_title | 电子学报:英文版 |
| container_volume | 23 |
| creator | CUI Baojiang LIANG Xiaobing ZHAO Bing ZHAI Feng WANG Jianxin |
| description | The number of identified integer overflow vulnerabilities has been increasing rapidly in recent years. In this paper, a smart software vulnerability detection technology is presented, which is used for the identifica- tion of integer overflow vulnerabilities in binary executa- bles. The proposed algorithm is combined with Target fil- tering and dynamic taint tracing (TFDTT). Dynamic taint tracing is used to reduce the mutation space and target fil- tering function is used to filter test cases during the process of test case generation. Theory analysis indicates that the efficiency of TFDTT is higher than NonTF-DTT and ran- dom Fuzzing technology. And the experiment results in- dicate that the detection technology based upon TFDTT can identify the possible integer vulnerabilities in binary program, meanwhile, it is more efficiency than other two technologies. |
| format | article |
| fullrecord | <record><control><sourceid>chongqing</sourceid><recordid>TN_cdi_chongqing_primary_49522457</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><cqvip_id>49522457</cqvip_id><sourcerecordid>49522457</sourcerecordid><originalsourceid>FETCH-LOGICAL-c181t-8b8d4656fb5ee3ead73154894a59e8c941b5c60fea6e99a615631f1c98a364df3</originalsourceid><addsrcrecordid>eNotj8tOwzAURL0Aiar0H8wHRIrjR-wlfUGlSt0EttW1cx0spS44LtC_xwhWI81IZ2ZuyIzVTVMJJfkdWUxTsHWt2loy1sxIXmNGl0Mc6C5mHDDRwycmP56_6OtljJjAhjHkgBMNkS5DhHSlm290lwx2LO4SJuzpOdIO0oCZbsOYMf0CIfZ0fY1wCq6EIWbaJXAluSe3HsYJF_86Jy_bTbd6rvaHp93qcV85plmutNV9Wa28lYgcoW85k0IbAdKgdkYwK52qPYJCY0AxqTjzzBkNXIne8zl5-OO6t3McPkrz8T2FU3lwFEY2jZAt_wHaU1er</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Detecting Integer Overflow Vulnerabilities in Binary Executables Based on Target Filtering and Dynamic Taint Tracing</title><source>IEEE Xplore All Journals</source><creator>CUI Baojiang LIANG Xiaobing ZHAO Bing ZHAI Feng WANG Jianxin</creator><creatorcontrib>CUI Baojiang LIANG Xiaobing ZHAO Bing ZHAI Feng WANG Jianxin</creatorcontrib><description>The number of identified integer overflow vulnerabilities has been increasing rapidly in recent years. In this paper, a smart software vulnerability detection technology is presented, which is used for the identifica- tion of integer overflow vulnerabilities in binary executa- bles. The proposed algorithm is combined with Target fil- tering and dynamic taint tracing (TFDTT). Dynamic taint tracing is used to reduce the mutation space and target fil- tering function is used to filter test cases during the process of test case generation. Theory analysis indicates that the efficiency of TFDTT is higher than NonTF-DTT and ran- dom Fuzzing technology. And the experiment results in- dicate that the detection technology based upon TFDTT can identify the possible integer vulnerabilities in binary program, meanwhile, it is more efficiency than other two technologies.</description><identifier>ISSN: 1022-4653</identifier><language>eng</language><subject>二进制 ; 可执行文件 ; 整数 ; 污点 ; 测试用例生成 ; 溢出漏洞 ; 滤波 ; 跟踪检测</subject><ispartof>电子学报:英文版, 2014-04, Vol.23 (2), p.348-352</ispartof><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Uhttp://image.cqvip.com/vip1000/qk/86774X/86774X.jpg</thumbnail><link.rule.ids>314,780,784</link.rule.ids></links><search><creatorcontrib>CUI Baojiang LIANG Xiaobing ZHAO Bing ZHAI Feng WANG Jianxin</creatorcontrib><title>Detecting Integer Overflow Vulnerabilities in Binary Executables Based on Target Filtering and Dynamic Taint Tracing</title><title>电子学报:英文版</title><addtitle>Chinese of Journal Electronics</addtitle><description>The number of identified integer overflow vulnerabilities has been increasing rapidly in recent years. In this paper, a smart software vulnerability detection technology is presented, which is used for the identifica- tion of integer overflow vulnerabilities in binary executa- bles. The proposed algorithm is combined with Target fil- tering and dynamic taint tracing (TFDTT). Dynamic taint tracing is used to reduce the mutation space and target fil- tering function is used to filter test cases during the process of test case generation. Theory analysis indicates that the efficiency of TFDTT is higher than NonTF-DTT and ran- dom Fuzzing technology. And the experiment results in- dicate that the detection technology based upon TFDTT can identify the possible integer vulnerabilities in binary program, meanwhile, it is more efficiency than other two technologies.</description><subject>二进制</subject><subject>可执行文件</subject><subject>整数</subject><subject>污点</subject><subject>测试用例生成</subject><subject>溢出漏洞</subject><subject>滤波</subject><subject>跟踪检测</subject><issn>1022-4653</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2014</creationdate><recordtype>article</recordtype><recordid>eNotj8tOwzAURL0Aiar0H8wHRIrjR-wlfUGlSt0EttW1cx0spS44LtC_xwhWI81IZ2ZuyIzVTVMJJfkdWUxTsHWt2loy1sxIXmNGl0Mc6C5mHDDRwycmP56_6OtljJjAhjHkgBMNkS5DhHSlm290lwx2LO4SJuzpOdIO0oCZbsOYMf0CIfZ0fY1wCq6EIWbaJXAluSe3HsYJF_86Jy_bTbd6rvaHp93qcV85plmutNV9Wa28lYgcoW85k0IbAdKgdkYwK52qPYJCY0AxqTjzzBkNXIne8zl5-OO6t3McPkrz8T2FU3lwFEY2jZAt_wHaU1er</recordid><startdate>20140401</startdate><enddate>20140401</enddate><creator>CUI Baojiang LIANG Xiaobing ZHAO Bing ZHAI Feng WANG Jianxin</creator><scope>2RA</scope><scope>92L</scope><scope>CQIGP</scope><scope>W92</scope><scope>~WA</scope></search><sort><creationdate>20140401</creationdate><title>Detecting Integer Overflow Vulnerabilities in Binary Executables Based on Target Filtering and Dynamic Taint Tracing</title><author>CUI Baojiang LIANG Xiaobing ZHAO Bing ZHAI Feng WANG Jianxin</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c181t-8b8d4656fb5ee3ead73154894a59e8c941b5c60fea6e99a615631f1c98a364df3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2014</creationdate><topic>二进制</topic><topic>可执行文件</topic><topic>整数</topic><topic>污点</topic><topic>测试用例生成</topic><topic>溢出漏洞</topic><topic>滤波</topic><topic>跟踪检测</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>CUI Baojiang LIANG Xiaobing ZHAO Bing ZHAI Feng WANG Jianxin</creatorcontrib><collection>维普_期刊</collection><collection>中文科技期刊数据库-CALIS站点</collection><collection>中文科技期刊数据库-7.0平台</collection><collection>中文科技期刊数据库-工程技术</collection><collection>中文科技期刊数据库- 镜像站点</collection><jtitle>电子学报:英文版</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>CUI Baojiang LIANG Xiaobing ZHAO Bing ZHAI Feng WANG Jianxin</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Detecting Integer Overflow Vulnerabilities in Binary Executables Based on Target Filtering and Dynamic Taint Tracing</atitle><jtitle>电子学报:英文版</jtitle><addtitle>Chinese of Journal Electronics</addtitle><date>2014-04-01</date><risdate>2014</risdate><volume>23</volume><issue>2</issue><spage>348</spage><epage>352</epage><pages>348-352</pages><issn>1022-4653</issn><abstract>The number of identified integer overflow vulnerabilities has been increasing rapidly in recent years. In this paper, a smart software vulnerability detection technology is presented, which is used for the identifica- tion of integer overflow vulnerabilities in binary executa- bles. The proposed algorithm is combined with Target fil- tering and dynamic taint tracing (TFDTT). Dynamic taint tracing is used to reduce the mutation space and target fil- tering function is used to filter test cases during the process of test case generation. Theory analysis indicates that the efficiency of TFDTT is higher than NonTF-DTT and ran- dom Fuzzing technology. And the experiment results in- dicate that the detection technology based upon TFDTT can identify the possible integer vulnerabilities in binary program, meanwhile, it is more efficiency than other two technologies.</abstract><tpages>5</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 1022-4653 |
| ispartof | 电子学报:英文版, 2014-04, Vol.23 (2), p.348-352 |
| issn | 1022-4653 |
| language | eng |
| recordid | cdi_chongqing_primary_49522457 |
| source | IEEE Xplore All Journals |
| subjects | 二进制 可执行文件 整数 污点 测试用例生成 溢出漏洞 滤波 跟踪检测 |
| title | Detecting Integer Overflow Vulnerabilities in Binary Executables Based on Target Filtering and Dynamic Taint Tracing |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-15T06%3A41%3A36IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-chongqing&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Detecting%20Integer%20Overflow%20Vulnerabilities%20in%20Binary%20Executables%20Based%20on%20Target%20Filtering%20and%20Dynamic%20Taint%20Tracing&rft.jtitle=%E7%94%B5%E5%AD%90%E5%AD%A6%E6%8A%A5%EF%BC%9A%E8%8B%B1%E6%96%87%E7%89%88&rft.au=CUI%20Baojiang%20LIANG%20Xiaobing%20ZHAO%20Bing%20ZHAI%20Feng%20WANG%20Jianxin&rft.date=2014-04-01&rft.volume=23&rft.issue=2&rft.spage=348&rft.epage=352&rft.pages=348-352&rft.issn=1022-4653&rft_id=info:doi/&rft_dat=%3Cchongqing%3E49522457%3C/chongqing%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c181t-8b8d4656fb5ee3ead73154894a59e8c941b5c60fea6e99a615631f1c98a364df3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_cqvip_id=49522457&rfr_iscdi=true |