Title
Towards Heap-Based Memory Corruption Discovery
Abstract
Heap-based memory corruption can cause serious hazards such as system crashes, denial of service, arbitrary code execution and data leakage. In most cases, these incorrect and dangerous behaviors do not immediately cause the program to crash, so finding such vulnerabilities in applications is critical for security. However, some existing dynamic analysis tools tend to be specialized for specific classes of heap-based memory vulnerability rather than offering comprehensive detection of heap-based memory corruption, and some do not actively traverse different execution paths or automatically generate test inputs. In this paper, we propose a new method called concolic testing for heap-based memory corruption (CTHM) to discover such vulnerabilities comprehensively. We present different heuristics for selecting initial inputs based on the types and number of input parameters, which effectively increase coverage and reach the targets to be analyzed as early as possible. We propose a custom memory model for dynamic symbolic execution, which minimizes system performance overhead and is strongly consistent with the real program's running environment. We provide a comprehensive analysis engine, which can detect different types of heap-based memory vulnerabilities and correctly pinpoint their locations. We have implemented a prototype system of CTHM. Analysis and comparison of its experimental data show that CTHM can find nearly 70% more bugs than S2E while increasing overhead by only 10%.
Year: 2021
DOI: 10.1109/MSN53354.2021.00080
Venue: 2021 17th International Conference on Mobility, Sensing and Networking (MSN)
Keywords: concolic testing, heap-based memory corruption, non-crash vulnerability, memory model
DocType: Conference
ISBN: 978-1-6654-0669-7
Citations: 0
PageRank: 0.34
References: 19
Authors: 4
1. Wenzhi Wang (Citations: 0, PageRank: 0.34)
2. Meng Fan (Citations: 0, PageRank: 0.34)
3. Aimin Yu (Citations: 0, PageRank: 0.34)
4. Dan Meng (Citations: 0, PageRank: 0.68)