Locating vulnerabilities in binaries via memory layout recovering

Locating vulnerabilities in binaries via memory layout recovering

Locating vulnerabilities is an important task for security auditing, exploit writing, and code hardening. However, it is challenging to locate vulnerabilities in binary code, because most program semantics (e.g., boundaries of an array) is missing after compilation. Without program semantics, it is...

Full description

Saved in:

Bibliographic Details
Main Authors:	WANG, Haijun, XIE, Xiaofei, LIN, Shang-Wei, LIN, Yun, LI, Yuekang, QIN, Shengchao, LIU, Yang, LIU, Ting
Format:	text
Language:	English
Published:	Institutional Knowledge at Singapore Management University 2019
Subjects:	Reverse Engineering Software Vulnerability Program Analysis Software Engineering
Online Access:	https://ink.library.smu.edu.sg/sis_research/7066 https://ink.library.smu.edu.sg/context/sis_research/article/8069/viewcontent/3338906.3338966.pdf
Tags:	Add Tag No Tags, Be the first to tag this record!
Institution:	Singapore Management University
Language:	English

Similar Items

Cerebro: Context-aware adaptive fuzzing for effective vulnerability detection
by: LI, Yuekang, et al.
Published: (2019)

MemLock: Memory usage guided fuzzing
by: WEN, Cheng, et al.
Published: (2020)

Typestate-guided fuzzer for discovering use-after-free vulnerabilities
by: WANG, Haijun, et al.
Published: (2020)

Software composition analysis for vulnerability detection: An empirical study on Java projects
by: ZHAO, Lida, et al.
Published: (2023)

SoFi: Reflection-augmented fuzzing for JavaScript engines
by: HE, Xiaoyu, et al.
Published: (2021)

Combining Software Metrics and Text Features for Vulnerable File Prediction
by: ZHANG, Yun, et al.
Published: (2015)

Search-driven string constraint solving for vulnerability detection
by: THOME, Julian, et al.
Published: (2017)

An empirical study of blockchain system vulnerabilities: modules, types, and patterns
by: YI, Xiao, et al.
Published: (2022)

Exploiting library vulnerability via migration-based automated test generation
by: CHEN, Zirui, et al.
Published: (2024)

Finding real world software vulnerabilities using ChatGPT
by: Wong, Sean Chun Foh
Published: (2024)

Enhancing code vulnerability detection via vulnerability-preserving data augmentation
by: LIU, Shangqing, et al.
Published: (2024)

Towards understanding Android system vulnerabilities: Techniques and insights
by: WU, Daoyuan, et al.
Published: (2019)

An integrated approach for effective injection vulnerability analysis of web applications through security slicing and hybrid constraint solving
by: THOME, Julian, et al.
Published: (2018)

Techniques for identifying mobile platform vulnerabilities and detecting policy-violating applications
by: SU, Mon Kywe
Published: (2016)

Towards practical binary code similarity detection: vulnerability verification via patch semantic analysis
by: Yang, Shouguo, et al.
Published: (2024)

Towards a hybrid framework for detecting input manipulation vulnerabilities
by: DING, Sun, et al.
Published: (2013)

SGUARD: Towards fixing vulnerable smart contracts automatically
by: NGUYEN, Tai D., et al.
Published: (2021)

Scalable analysis for malware and vulnerability detection in binaries
by: Chandramohan, Mahinthan
Published: (2018)

HERMES: using commit-issue linking to detect vulnerability-fixing commits
by: NGUYEN, Truong Giang, et al.
Published: (2022)

Predicting SQL injection and cross site scripting vulnerabilities through mining input sanitization patterns
by: SHAR, Lwin Khin, et al.
Published: (2013)

JoanAudit: A tool for auditing common injection vulnerabilities
by: THOME, Julian, et al.
Published: (2017)

Multi-Granularity Detector for Vulnerability Fixes
by: NGUYEN, Truong Giang, et al.
Published: (2023)

sFuzz: An efficient adaptive fuzzer for solidity smart contracts
by: NGUYEN, Tai D., et al.
Published: (2020)

MANDO-GURU: vulnerability detection for smart contract source code by heterogeneous graph embeddings
by: NGUYEN, Huu Hoang, et al.
Published: (2022)

Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis
by: SHAR, Lwin Khin, et al.
Published: (2013)

AdvSCanner : Generating adversarial smart contracts to exploit reentrancy vulnerabilities using LLM and static analysis
by: WU, Yin, et al.
Published: (2024)

Learning program semantics for vulnerability detection via vulnerability-specific inter-procedural slicing
by: WU, Bozhi, et al.
Published: (2023)

Automatic vulnerability detection and repair
by: MA, Siqi
Published: (2018)

Test mimicry to assess the exploitability of library vulnerabilities
by: KANG, Hong Jin, et al.
Published: (2022)

Recovering fitness gradients for interprocedural Boolean flags in search-based testing
by: LIN, Yun, et al.
Published: (2020)

A closer look at the security risks in the Rust ecosystem
by: ZHENG, Xiaoye, et al.
Published: (2023)

MANDO: Multi-level heterogeneous graph embeddings for fine-grained detection of smart contract vulnerabilities
by: NGUYEN, Huu Hoang, et al.
Published: (2022)

Automated removal of cross site scripting vulnerabilities in web applications
by: SHAR, Lwin Khin, et al.
Published: (2011)

Simulation-based vulnerability assessment in transit systems with cascade failures
by: Chen, Hongyu, et al.
Published: (2022)

Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
by: SHAR, Lwin Khin, et al.
Published: (2012)

Fifth International Workshop on Software Clones (IWSC 2011)
by: Cordy, J.R., et al.
Published: (2013)

Toward effective secure code reviews: An empirical study of security-related coding weaknesses
by: CHAROENWET, Wachiraphan, et al.
Published: (2024)

A quantum photonic chip for binary classification
by: Lin, H. X., et al.
Published: (2023)

EXPLORING A TRANSDIAGNOSTIC COGNITIVE VULNERABILITY TO INTERNALIZING SYMPTOMS IN ADOLESCENTS
by: RUTH POH YI NING
Published: (2019)

Predicting common web application vulnerabilities from input validation and sanitization code patterns
by: SHAR, Lwin Khin, et al.
Published: (2012)