Detection of buffer overflow vulnerabilities in C/C++ with pattern based limited symbolic evaluation

Buffer overflow vulnerability is one of the major security threats for applications written in C/C++. Among the existing approaches for detecting buffer overflow vulnerability, though flow sensitive based approaches offer higher precision but they are limited by heavy overhead and the fact that many...

Full description

Saved in:
Bibliographic Details
Main Authors: Ding, Sun, Tan, Hee Beng Kuan, Liu, Kaiping, Chandramohan, Mahinthan, Zhang, Hongyu
Other Authors: School of Electrical and Electronic Engineering
Format: Conference or Workshop Item
Language:English
Published: 2013
Subjects:
Online Access:https://hdl.handle.net/10356/99418
http://hdl.handle.net/10220/13011
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-99418
record_format dspace
spelling sg-ntu-dr.10356-994182020-03-07T13:24:49Z Detection of buffer overflow vulnerabilities in C/C++ with pattern based limited symbolic evaluation Ding, Sun Tan, Hee Beng Kuan Liu, Kaiping Chandramohan, Mahinthan Zhang, Hongyu School of Electrical and Electronic Engineering IEEE Annual Computer Software and Applications Conference Workshops (36th : 2012 : Izmir, Turkey) DRNTU::Engineering::Electrical and electronic engineering Buffer overflow vulnerability is one of the major security threats for applications written in C/C++. Among the existing approaches for detecting buffer overflow vulnerability, though flow sensitive based approaches offer higher precision but they are limited by heavy overhead and the fact that many constraints are unsolvable. We propose a novel method to efficiently detect vulnerable buffer overflows in any given control flow graph through recognizing two patterns. The proposed approach first uses syntax analysis to filter away those branches that cannot possibly comply with any of the two patterns before applying a limited symbolic evaluation for a precise matching against the patterns. The proposed approach only needs to evaluate a limited set of selected branch predicates according to the patterns and avoids the need to deal with a large number of general branch predicates. This significantly improves the scalability while not sacrificing the detection precision. Our experiments demonstrate the scalability and efficiency of the proposed method, which demonstrates its applicability. 2013-08-05T06:27:01Z 2019-12-06T20:06:58Z 2013-08-05T06:27:01Z 2019-12-06T20:06:58Z 2012 2012 Conference Paper https://hdl.handle.net/10356/99418 http://hdl.handle.net/10220/13011 10.1109/COMPSACW.2012.103 en
institution Nanyang Technological University
building NTU Library
country Singapore
collection DR-NTU
language English
topic DRNTU::Engineering::Electrical and electronic engineering
spellingShingle DRNTU::Engineering::Electrical and electronic engineering
Ding, Sun
Tan, Hee Beng Kuan
Liu, Kaiping
Chandramohan, Mahinthan
Zhang, Hongyu
Detection of buffer overflow vulnerabilities in C/C++ with pattern based limited symbolic evaluation
description Buffer overflow vulnerability is one of the major security threats for applications written in C/C++. Among the existing approaches for detecting buffer overflow vulnerability, though flow sensitive based approaches offer higher precision but they are limited by heavy overhead and the fact that many constraints are unsolvable. We propose a novel method to efficiently detect vulnerable buffer overflows in any given control flow graph through recognizing two patterns. The proposed approach first uses syntax analysis to filter away those branches that cannot possibly comply with any of the two patterns before applying a limited symbolic evaluation for a precise matching against the patterns. The proposed approach only needs to evaluate a limited set of selected branch predicates according to the patterns and avoids the need to deal with a large number of general branch predicates. This significantly improves the scalability while not sacrificing the detection precision. Our experiments demonstrate the scalability and efficiency of the proposed method, which demonstrates its applicability.
author2 School of Electrical and Electronic Engineering
author_facet School of Electrical and Electronic Engineering
Ding, Sun
Tan, Hee Beng Kuan
Liu, Kaiping
Chandramohan, Mahinthan
Zhang, Hongyu
format Conference or Workshop Item
author Ding, Sun
Tan, Hee Beng Kuan
Liu, Kaiping
Chandramohan, Mahinthan
Zhang, Hongyu
author_sort Ding, Sun
title Detection of buffer overflow vulnerabilities in C/C++ with pattern based limited symbolic evaluation
title_short Detection of buffer overflow vulnerabilities in C/C++ with pattern based limited symbolic evaluation
title_full Detection of buffer overflow vulnerabilities in C/C++ with pattern based limited symbolic evaluation
title_fullStr Detection of buffer overflow vulnerabilities in C/C++ with pattern based limited symbolic evaluation
title_full_unstemmed Detection of buffer overflow vulnerabilities in C/C++ with pattern based limited symbolic evaluation
title_sort detection of buffer overflow vulnerabilities in c/c++ with pattern based limited symbolic evaluation
publishDate 2013
url https://hdl.handle.net/10356/99418
http://hdl.handle.net/10220/13011
_version_ 1681039269024497664