A Static Taint Detection Method for Stack Overflow Vulnerabilities in Binaries

机译：二进制文件中堆栈溢出漏洞的静态污点检测方法

获取原文

获取外文期刊封面目录资料

页面导航

摘要
著录项
引文网络
相似文献
相关主题

摘要

The current static analysis approaches for detecting stack overflow vulnerabilities in binaries are only usable to the functions in system libraries and not suitable for user defined functions. In this paper, we model the characteristic of stack overflow vulnerabilities and propose a static taint analysis method, which can recognize user defined functions that may have that type of vulnerabilities. The experiments on 4 runtime libraries and 2 executables show that this method can find the stack overflow vulnerabilities in binaries correctly and effectively.

机译：当前用于检测二进制文件中堆栈溢出漏洞的静态分析方法仅适用于系统库中的功能，不适用于用户定义的功能。在本文中，我们对堆栈溢出漏洞的特征进行建模，并提出了一种静态污点分析方法，该方法可以识别用户定义的可能具有此类漏洞的功能。在4个运行时库和2个可执行文件上进行的实验表明，该方法可以正确有效地找到二进制文件中的堆栈溢出漏洞。

著录项

来源
《International Conference on Information Science and Control Engineering》|2017年|110-114|共5页
会议地点
作者
Chao Feng; Xing Zhang;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Libraries; Software; Analytical models; Algorithm design and analysis; Runtime; Central Processing Unit;

机译：图书馆;软件;分析模型;算法设计与分析;运行时;中央处理单元;

相似文献

外文文献
中文文献
专利

1. Detecting Integer Overflow Vulnerabilities in Binary Executables Based on Target Filtering and Dynamic Taint Tracing [J] . CUI Baojiang, LIANG Xiaobing, ZHAO Bing, 电子学报：英文版 . 2014,第002期

机译：基于目标滤波和动态Taint跟踪检测二进制可执行文件中的整数溢出漏洞
2. Static Taint Analysis Traversal with Object Oriented Component for Web File Injection Vulnerability Pattern Detection [J] . Aditya Kurniawan, Bahtiar Saleh Abbas, Agung Trisetyarso, Procedia Computer Science . 2018,第22期

机译：Web文件注入漏洞模式检测中带有面向对象组件的静态污点分析遍历
3. Static Analysis Method for Detecting Buffer Overflow Vulnerabilities [J] . F. M. Puchkov, K. A. Shapchenko Programming and Computer Software . 2005,第4期

机译：检测缓冲区溢出漏洞的静态分析方法
4. A Static Taint Detection Method for Stack Overflow Vulnerabilities in Binaries [C] . Chao Feng, Xing Zhang International Conference on Information Science and Control Engineering . 2017

机译：一副堆栈溢出漏洞的静态染色检测方法
5. Security Code Review with Static Analysis Techniques for the Detection and Remediation of Security Vulnerabilities [D] . Thomas, Tyler William. 2018

机译：使用静态分析技术检查安全代码，以检测和修复安全漏洞
6. Feasibility of on/at Line Methods to Determine Boar Taint and Boar Taint Compounds: An Overview [O] . Maria Font-i-Furnols, Raúl Martín-Bernal, Marijke Aluwé, 2020

机译：确定公猪污染和公猪Taint Computs的on / in / in in / in in方法的可行性：概述
7. A Static Comprehensive Analytical Method for Buffer Overflow Vulnerability Detection [O] . Bilin Shao, Jiafen Yan, Genqing Bian, 2016

机译：缓冲溢出漏洞检测的静态综合分析方法
8. Using a Diagnostic Corpus of C Programs to Evaluate Buffer Overflow Detection by Static Analysis Tools. [R] . Kratkiewicz, K., Lippmann, R. 2016

机译：使用C程序的诊断语料库来评估静态分析工具的缓冲区溢出检测。

A Static Taint Detection Method for Stack Overflow Vulnerabilities in Binaries

摘要

著录项

引文网络

相似文献

相关主题

期刊订阅