An Approach to Vulnerability Searching of Integer Overflows in the Executable Program Code

R. A. Demidov; A. I. Pechenkin; P. D. Zegzhda

doi:10.3103/S0146411618080102

An Approach to Vulnerability Searching of Integer Overflows in the Executable Program Code

Autores: Demidov R.A.¹, Pechenkin A.I.¹, Zegzhda P.D.¹
Afiliações:
1. Peter the Great St.Petersburg Polytechnic University
Edição: Volume 52, Nº 8 (2018)
Páginas: 1022-1028
Seção: Article
URL: https://journals.rcsi.science/0146-4116/article/view/175705
DOI: https://doi.org/10.3103/S0146411618080102
ID: 175705

Citar

Texto integral

Acesso aberto
Acesso é fechado

Acesso está concedido
Acesso é fechado

Somente assinantes

Resumo
Sobre autores
Bibliografia
Arquivos suplementares
Estatísticas

Resumo

This article proposes an approach to identifying integer overflow vulnerabilities in software represented by the executable code of x86 architecture. The approach is based on symbolic code execution and initially twofold representation of memory cells. A truncated control transfer graph is constructed from the machine code of the program, the paths in which are layer-by-layer checked for the feasibility of the vulnerability conditions. The proposed methods were implemented in practice and experimentally tested on the various code samples.

Palavras-chave

vulnerability search, symbolic execution, symbolic memory, vulnerability classification, control flow graph, integer overflow

Arquivos suplementares

Ação

1. JATS XML

Baixar

Nome de usuário
Senha
Lembrar usuário

Esqueceu a senha?	Cadastro

Nome de usuário
Senha
Lembrar usuário

Esqueceu a senha?	Cadastro

An Approach to Vulnerability Searching of Integer Overflows in the Executable Program Code

Texto integral

Resumo

Palavras-chave

Sobre autores

R. Demidov

A. Pechenkin

P. Zegzhda

Arquivos suplementares