An Approach to Vulnerability Searching of Integer Overflows in the Executable Program Code
- Autores: Demidov R.A.1, Pechenkin A.I.1, Zegzhda P.D.1
- 
							Afiliações: 
							- Peter the Great St.Petersburg Polytechnic University
 
- Edição: Volume 52, Nº 8 (2018)
- Páginas: 1022-1028
- Seção: Article
- URL: https://journals.rcsi.science/0146-4116/article/view/175705
- DOI: https://doi.org/10.3103/S0146411618080102
- ID: 175705
Citar
Resumo
This article proposes an approach to identifying integer overflow vulnerabilities in software represented by the executable code of x86 architecture. The approach is based on symbolic code execution and initially twofold representation of memory cells. A truncated control transfer graph is constructed from the machine code of the program, the paths in which are layer-by-layer checked for the feasibility of the vulnerability conditions. The proposed methods were implemented in practice and experimentally tested on the various code samples.
Sobre autores
R. Demidov
Peter the Great St.Petersburg Polytechnic University
							Autor responsável pela correspondência
							Email: rd@ibks.spbstu.ru
				                					                																			                												                	Rússia, 							Saint-Petersburg, 195251						
A. Pechenkin
Peter the Great St.Petersburg Polytechnic University
							Autor responsável pela correspondência
							Email: pechenkin@ibks.spbstu.ru
				                					                																			                												                	Rússia, 							Saint-Petersburg, 195251						
P. Zegzhda
Peter the Great St.Petersburg Polytechnic University
														Email: pechenkin@ibks.spbstu.ru
				                					                																			                												                	Rússia, 							Saint-Petersburg, 195251						
Arquivos suplementares
 
				
			 
						 
						 
						 
						 
					 
				 
  
  
  
  
  Enviar artigo por via de e-mail
			Enviar artigo por via de e-mail  Acesso aberto
		                                Acesso aberto Acesso está concedido
						Acesso está concedido Somente assinantes
		                                		                                        Somente assinantes
		                                					