Improving Accuracy of Static Integer Overflow Detection in Binary

摘要

Integer overflow presents a major source of security threats to information systems. However, current solutions are less effective in detecting integer overflow vulnerabilities: they either produce unaccept-ably high false positive rates or cannot generate concrete inputs towards vulnerability exploration. This limits the usability of these solutions in analyzing real-world applications, especially those in the format of binary executables. In this paper, we present a platform, called INDIO, for accurately detecting integer overflow vulnerabilities in Windows binaries. INDIO integrates the techniques of pattern-matching (for quick identification of potential vulnerabilities), vulnerability ranking (for economic elimination of false positives), and selective symbolic execution (for rigorous elimination of false positives). As a result, INDIO can detect integer overflow with low false positive and false negative rates. We have applied INDIO to several real-world, large-size Windows binaries, and the experimental results confirmed the effectiveness of INDIO (all known and two previously unknown integer overflows vulnerabilities were detected). The experiments also demonstrate that the vulnerability ranking technique and other optimization techniques employed in INDIO can significantly reduce false positives with economic costs.