
Static Integer Overflow Vulnerability Detection in Windows Binary

  • Conference paper
In: Advances in Information and Computer Security (IWSEC 2013)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8231)

Abstract

In this paper, we present a static binary-analysis approach to detecting integer overflow vulnerabilities in Windows binaries. We first translate the binary to our intermediate representation and perform sign type analysis to reconstruct sufficient type information, then use dataflow analysis to collect suspicious integer overflow vulnerabilities. To alleviate the high false-positive rate of static vulnerability detection, we use information about how the variables that may be affected by an integer overflow are used in security-sensitive operations to compute a priority and rank the suspicious integer overflow vulnerabilities. Finally, the weakest-preconditions technique is used to validate the suspicious integer overflow vulnerabilities. Our approach is static, so it does not execute the software in a real environment. We implement a prototype called EIOD and use it to analyze real-world Windows binaries. Experiments show that EIOD can effectively and efficiently detect integer overflow vulnerabilities.
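The abstract names four stages (sign type analysis on an IR, dataflow collection of suspicious arithmetic, ranking by use in security-sensitive operations, and weakest-precondition validation) without showing how they fit together. The following added example is not code from the paper or the EIOD prototype: it runs a toy version of that pipeline over a constructed straight-line IR for a 32-bit binary. The IR forms, the sink table, the predicate names (`ule`, `slt`, ...) and the use of interval arithmetic in place of a real weakest-precondition solver are all assumptions of this example.

```python
"""Toy version of the abstract's pipeline: sign typing, taint dataflow,
ranking by sensitive sink, and a no-overflow precondition check.
Interval arithmetic stands in for the weakest-precondition reasoning
(an assumption of this example, not the EIOD prototype's method)."""
from dataclasses import dataclass
from typing import Optional

WIDTH = 32
UMAX = (1 << WIDTH) - 1
SMIN, SMAX = -(1 << (WIDTH - 1)), (1 << (WIDTH - 1)) - 1

# Constructed sink table: function -> indices of its size/length arguments.
SENSITIVE_SINKS = {"malloc": [0], "HeapAlloc": [2], "memcpy": [2]}
SIGNED_CMPS = {"slt", "sle", "sgt", "sge"}  # signed predicates (jl/jle/jg/jge)


@dataclass
class Finding:
    stmt_index: int      # IR statement holding the suspicious arithmetic
    target: str          # variable that may hold an overflowed value
    sign: str            # reconstructed sign type of that variable
    sink: Optional[str]  # sensitive function the value reaches, if any
    priority: int        # 2 if it reaches a sink, else 1
    confirmed: bool      # True if the no-overflow precondition can fail


def sign_types(stmts):
    """Reconstruct signedness: compare predicates and sink size arguments
    type their operands; arithmetic propagates the type to a fixpoint."""
    types = {}

    def tag(v, t):
        if isinstance(v, str) and v not in types:
            types[v] = t
            return True
        return False

    for s in stmts:
        if s[0] == "assume":
            t = "signed" if s[2] in SIGNED_CMPS else "unsigned"
            tag(s[1], t)
            tag(s[3], t)
        elif s[0] == "call":
            for i in SENSITIVE_SINKS.get(s[1], []):
                if i < len(s[2]):
                    tag(s[2][i], "unsigned")
    changed = True
    while changed:  # result and operands of one op share a sign type
        changed = False
        for s in stmts:
            if s[0] in ("add", "mul"):
                known = [types[v] for v in s[1:] if isinstance(v, str) and v in types]
                if known:
                    for v in s[1:]:
                        changed |= tag(v, known[0])
    return types


def analyze(stmts):
    """Rank findings. Constructed IR forms: ("input", dst) untrusted value;
    ("const", dst, v); ("add"|"mul", dst, a, b); ("assume", a, cmp, b) a branch
    condition holding on this path; ("call", fn, [args])."""
    types = sign_types(stmts)
    tainted, origin, ranges, findings = set(), {}, {}, {}

    def bounds(t):
        return (0, UMAX) if t == "unsigned" else (SMIN, SMAX)

    def rng(x):
        return ranges[x] if isinstance(x, str) else (x, x)

    for i, s in enumerate(stmts):
        op = s[0]
        if op == "input":
            tainted.add(s[1]); origin[s[1]] = set()
            ranges[s[1]] = bounds(types.get(s[1], "unsigned"))
        elif op == "const":
            ranges[s[1]] = (s[2], s[2]); origin[s[1]] = set()
        elif op == "assume":  # narrow the compared variable's range
            _, a, cmp, b = s
            (lo, hi), (blo, bhi) = ranges[a], rng(b)
            if cmp.endswith("le"): hi = min(hi, bhi)
            elif cmp.endswith("lt"): hi = min(hi, bhi - 1)
            elif cmp.endswith("ge"): lo = max(lo, blo)
            elif cmp.endswith("gt"): lo = max(lo, blo + 1)
            ranges[a] = (lo, hi)
        elif op in ("add", "mul"):
            _, d, a, b = s
            (alo, ahi), (blo, bhi) = rng(a), rng(b)
            f = (lambda x, y: x + y) if op == "add" else (lambda x, y: x * y)
            corners = [f(x, y) for x in (alo, ahi) for y in (blo, bhi)]
            lo, hi = min(corners), max(corners)
            t = types.get(d, "unsigned")
            tlo, thi = bounds(t)
            origin[d] = {i}.union(*(origin[o] for o in (a, b) if isinstance(o, str)))
            if any(isinstance(o, str) and o in tainted for o in (a, b)):
                tainted.add(d)
                # Precondition for no overflow at i: tlo <= a op b <= thi.
                # It can fail iff the path-constrained interval leaves the type.
                findings[i] = Finding(i, d, t, None, 1, lo < tlo or hi > thi)
            ranges[d] = (lo, hi) if tlo <= lo and hi <= thi else (tlo, thi)
        elif op == "call":  # rank results that feed a sensitive argument first
            for idx in SENSITIVE_SINKS.get(s[1], []):
                if idx < len(s[2]) and isinstance(s[2][idx], str):
                    for j in origin.get(s[2][idx], set()):
                        if j in findings:
                            findings[j].sink, findings[j].priority = s[1], 2
    return sorted(findings.values(), key=lambda f: (-f.priority, f.stmt_index))


# Constructed IR: size = n * 4 feeds malloc with no bound on the untrusted n.
UNCHECKED = [("input", "n"), ("const", "k", 4), ("mul", "size", "n", "k"),
             ("call", "malloc", ["size"])]
# Same computation, but a dominating unsigned check n <= 0x10000 precedes it.
CHECKED = [("input", "n"), ("assume", "n", "ule", 0x10000), ("const", "k", 4),
           ("mul", "size", "n", "k"), ("call", "malloc", ["size"])]

if __name__ == "__main__":
    for name, prog in (("unchecked", UNCHECKED), ("checked", CHECKED)):
        print(name, analyze(prog))
```

On `UNCHECKED` the multiply is reported with priority 2 (its result is the `malloc` size) and `confirmed=True`, because `n` ranges over the whole unsigned word and `n * 4` leaves it. On `CHECKED` the same finding is still ranked first but `confirmed=False`: the path constraint `n <= 0x10000` makes the no-overflow precondition hold, which is exactly the false positive the validation stage is meant to remove. A real implementation would discharge the precondition with a bit-vector solver over the recovered IR rather than with intervals.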



Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Deng, Y., Zhang, Y., Cheng, L., Sun, X. (2013). Static Integer Overflow Vulnerability Detection in Windows Binary. In: Sakiyama, K., Terada, M. (eds) Advances in Information and Computer Security. IWSEC 2013. Lecture Notes in Computer Science, vol 8231. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41383-4_2

  • DOI: https://doi.org/10.1007/978-3-642-41383-4_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41382-7

  • Online ISBN: 978-3-642-41383-4

  • eBook Packages: Computer Science (R0)
