Abstract
In this paper, we present a static binary analysis based approach to detect integer overflow vulnerabilities in windows binary. We first translate the binary to our intermediate representation and perform Sign type analysis to reconstruct sufficient type information, and then use dataflow analysis to collect suspicious integer overflow vulnerabilities. To alleviate the problem that static vulnerability detection has high false positive rate, we use the information how variables which may be affected by integer overflow are used in security sensitive operations to compute priority and rank the suspicious integer overflow vulnerabilities. Finally the weakest preconditions technique is used to validate the suspicious integer overflow vulnerabilities. Our approach is static so that it does not run the software directly in real environment. We implement a prototype called EIOD and use it to analyze real-world windows binaries. Experiments show that EIOD can effectively and efficiently detect integer overflow vulnerabilities.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Vulnerability type distributions in cev. CVE (2007), http://cve.mitre.org/docs/vuln-trends/vuln-trends.pdf
Necula, G.C., McPeak, S., Weimer, W.: Ccured: Type-safe retrofitting of legacy code. In: Proceedings of the Principles of Programming Languages, pp. 128–139 (2002)
Jim, T., Morrisett, G., Grossman, D., Hicks, M., Cheney, J., Wang, Y.: Cyclone: A safe dialect of c. In: Proceedings of the Annual Conference on USENIX Annual Technical Conference (2002)
Horovitz, O.: Big loop integer protection. Phrack Inc. (2002), http://www.phrack.org/issues.html?issue=60&id=9#article
Brumley, D., Chiueh, T., Johnson, R., Lin, H., Song, D.: Rich: Automatically protecting against integer-based vulnerabilities. In: Proceedings of the 14th Annual Network and Distributed System Security, NDSS (2007)
Evans, D., Guttag, J., Horning, J., Tan, Y.M.: Lclint:a tool for using specification to check code. In: Proceedings of the ACM SIGSOFT 1994 Symposium on the Foundations of Software Engineering, pp. 87–96 (1994)
Zhang, C., Wang, T., Wei, T., Chen, Y., Zou, W.: IntPatch: Automatically fix integer-overflow-to-buffer-overflow vulnerability at compile-time. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 71–86. Springer, Heidelberg (2010)
Wang, T., Wei, T., Lin, Z., Zou, W.: Intscope: Automatically detecting integer overflow vulnerability in x86 binary using symbolic execution. In: Proceedings of the 16th Annual Network and Distributed System Security Symposium, NDSS 2009 (2009)
Lin, Z., Zhang, X., Xu, D.: Convicting exploitable software vulnerabilities: An efficient input provenance based approach. In: Proceedings of the 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2008), Anchorage, Alaska, USA (June 2008)
Chen, P., Han, H., Wang, Y., Shen, S., Yin, X., Mao, B., Xie, L.: INTFINDER: automatically detecting integer bugs in x86 binary program. In: Proceedings of the International Conference on Information and Communications Security, Beijing, China, pp. 336–345 (December 2009)
Ida pro, http://www.hex-rays.com/idapro/
Nethercote, N., Seward, J.: Valgrind: A Program Supervision Framework. In: Third Workshop on Runtime Verification, RV 2003 (2003)
Vine: BitBlaze Static Analysis Component, http://bitblaze.cs.berkeley.edu/vine.html
BAP: The Next-Generation Binary Analysis Platform, http://bap.ece.cmu.edu/
Brumley, D., Poosankam, P., Song, D., Zheng, J.: Automatic patch-based exploit generation is possible: Techniques and implications. In: Proceedings of the 2008 IEEE Symposium on Security and Privacy (May 2008)
Ganesh, V., Dill, D.L.: A decision procedure for bit-vectors and arrays. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 519–531. Springer, Heidelberg (2007)
Wojtczuk, R.: Uqbtng: a tool capable of automatically finding integer overflows in win32 binaries. In: 22nd Chaos Communication Congress (2005)
UQBT: A Resourceable and Retargetable Binary Translator, http://www.itee.uq.edu.au/cristina/uqbt.html
Clarke, E., Kroning, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004)
BitBlaze: The BitBlaze Binary Analysis Platform Project, http://bitblaze.cs.berkeley.edu/index.html
Balakrishnan, G., Gruian, R., Reps, T., Teitelbaum, T.: CodeSurfer/x86—A platform for analyzing x86 executables. In: Bodik, R. (ed.) CC 2005. LNCS, vol. 3443, pp. 250–254. Springer, Heidelberg (2005)
Microsoft. Phoenix framework, http://research.microsoft.com/phoenix/
Automated vulnerability auditing in machine code, http://www.phrack.com/issues.html?issue=64id=8
Kremenek, T., Engler, D.R.: Z-ranking: Using statistical analysis to counter the impact of static analysis approximations. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, pp. 295–315. Springer, Heidelberg (2003)
Zhang, C., Xu, H., Zhang, S., Zhao, J., Chen, Y.: Frequency Estimation of Virtual Call Targets for Object-Oriented Programs. In: Mezini, M. (ed.) ECOOP 2011. LNCS, vol. 6813, pp. 510–532. Springer, Heidelberg (2011)
Godefroid, P., Levin, M., Molnar, D.: Automated whitebox fuzz testing. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS 2008), San Diego, CA (February 2008)
Aho, A.V., Lam, M.S., Sethi, R., Ullman, J.D.: Compilers: Princiles, Techniques, and Tools, 2nd edn. Addison- Wesley (2006)
Balakrishnan, G., Reps, T.: Analyzing memory accesses in x86 executables. In: Duesterwald, E. (ed.) CC 2004. LNCS, vol. 2985, pp. 5–23. Springer, Heidelberg (2004)
Balakrishnan, G., Reps, T.: DIVINE: DIscovering Variables IN Executables. In: Cook, B., Podelski, A. (eds.) VMCAI 2007. LNCS, vol. 4349, pp. 1–28. Springer, Heidelberg (2007)
LeBlanc, D.: Integer handling with the c++ safeint class (2004), http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure01142004.asp
Howard, M.: Safe integer arithmetic in c (2006), http://blogs.msdn.com/michaelhoward/archive/2006/02/02/523392.aspx
Dipanwita, S., Muthu, J., Jay, T., Ramanathan, V.: Flow-insensitive static analysis for detecting integer anomalies in programs. In: Proc. SE, pp. 334–340. ACTA Press, Anaheim (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Deng, Y., Zhang, Y., Cheng, L., Sun, X. (2013). Static Integer Overflow Vulnerability Detection in Windows Binary. In: Sakiyama, K., Terada, M. (eds) Advances in Information and Computer Security. IWSEC 2013. Lecture Notes in Computer Science, vol 8231. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41383-4_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-41383-4_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41382-7
Online ISBN: 978-3-642-41383-4
eBook Packages: Computer ScienceComputer Science (R0)