Title
Finding Buffer Overflow Inducing Loops in Binary Executables
Abstract
Vulnerability analysis is one of the important components of overall software assurance practice. Buffer overflow (BoF) is one example of such vulnerabilities, and it is still the root cause of many effective attacks. A general practice to find BoFs is to look for the presence of certain functions that manipulate string buffers, like the strcpy family. In these functions, data is moved from one buffer to another, within a loop, without considering the destination buffer size. We argue that similar behaviour may also be present in many other functions that are coded separately, and that these are therefore equally vulnerable. In the present work, we investigate the detection of such functions by finding loops that exhibit similar behaviour. We call such loops Buffer Overflow Inducing Loops (BOIL). We implemented a lightweight static analysis to detect BOILs and evaluated it on real-world x86 binary executables. The results obtained show that this (simple yet efficient) vulnerability pattern happens to be very effective in practice for retrieving real vulnerabilities, providing a drastic reduction of the part of the code that must be analysed.
Year: 2012
DOI: 10.1109/SERE.2012.30
Venue: SERE
Keywords: vulnerability analysis, buffer overflow, destination buffer size, effective attack, binary executables, overall software assurance practice, finding buffer overflow, loops buffer overflow inducing, exhibit similar behaviour, lightweight static analysis, inducing loops, general practice, string buffer, assembly, bof, security vulnerability, binary codes, static analysis, security, software reliability, code analysis, binary code, registers
Field: x86, Vulnerability (computing), Vulnerability assessment, Computer science, Static analysis, Binary code, Software assurance, Executable, Buffer overflow, Distributed computing
DocType: Conference
Citations: 9
PageRank: 0.65
References: 14
Authors: 2
Name, Order, Citations, PageRank:
Sanjay Rawat114610.59
Laurent Mounier2118779.54