Abstract | ||
---|---|---|
In the last few years, several approaches have been proposed to perform vulnerability analysis of applications written in high-level languages. However, little has been done to automatically identify security-relevant flaws in binary code. In this paper, we present a novel approach to the identification of vulnerabilities in x86 executables in ELF binary format. Our approach is based on static analysis and symbolic execution techniques. We implemented our approach in a proof-of-concept tool and used it to detect taint-style vulnerabilities in binary code. The results of our evaluation show that our approach is both practical and effective. |
Year | DOI | Venue |
---|---|---|
2006 | 10.1109/ACSAC.2006.50 | Miami Beach, FL |
Keywords | Field | DocType |
machine oriented languages,program diagnostics,security of data,software tools,binary code,binary static analysis,executable and linking format,security-relevant flaws identification,symbolic execution,taint analysis,vulnerability analysis,x86 executables,Vulnerability analysis,binary static analysis,symbolic execution,taint analysis. | x86,Computer science,Vulnerability assessment,Computer security,Static analysis,Binary code,Real-time computing,Taint checking,Symbolic execution,Executable,Binary number | Conference |
ISSN | ISBN | Citations |
1063-9527 | 0-7695-2716-7 | 35 |
PageRank | References | Authors |
2.48 | 18 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Marco Cova | 1 | 1425 | 71.19 |
Viktoria Felmetsger | 2 | 313 | 15.93 |
Greg Banks | 3 | 201 | 15.26 |
Giovanni Vigna | 4 | 7121 | 507.72 |