Skip to main content
SpringerLink
Log in

Automated Generation of Buffer Overflow Quick Fixes Using Symbolic Execution and SMT

  • Conference paper
  • First Online:
Computer Safety, Reliability, and Security (SAFECOMP 2014)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 9337))

Included in the following conference series:

Abstract

In many C programs, debugging requires significant effort and can consume a lot of time. Even if the bug’s cause is known, detecting a bug in such programs and generating a bug fix patch manually is a tedious task. In this paper, we present a novel approach used to generate bug fixes for buffer overflow automatically using static execution, code patch patterns, quick fix locations, user input saturation and Satisfiability Modulo Theories (SMT). The generated patches are syntactically correct, can be semi-automatically inserted into code and do not need additional human refinement. We evaluated our approach on 58 C open source programs contained in the Juliet test suite and measured an overhead of 0.59 % with respect to the bug detection time. We think that our approach is generalizable and can be applied with other bug checkers that we developed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Aho, A.V., et al.: A minimum-distance error-correcting parser for context-free languages. SIAM J. Comput. 1(4), 305–312 (1972)

    Article  MathSciNet  MATH  Google Scholar 

  2. Chen, L., et al.: R2Fix: automatically generating bug fixes from bug reports. In: Proceedings of the 2013 IEEE 6th ICST

    Google Scholar 

  3. Crispin, C., et al.: StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. In: Proceedings of the 7th USENIX SSYM 1998

    Google Scholar 

  4. Crispin, C., et al.: Buffer overflows: attacks and defenses for the vulnerability of the decade*. In: DARPA Discex 2000

    Google Scholar 

  5. de Moura, L., Bjørner, N.S.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  6. Deepak, G., et al.: TIED, LibsafePlus: tools for runtime buffer overflow protection. In: Proceedings of the 13th Conference on USENIX Security Symposium, SSYM 2004

    Google Scholar 

  7. DeMarco, F., et al.: Automatic repair of buggy if conditions and missing preconditions with SMT. In: Proceedings of the CSTVA 2014

    Google Scholar 

  8. Demsky, B., Rinard, M.: Automatic detection and repair of errors in data structures. In: Proceedings of the ACM SIGPLAN OOPSLA 2003

    Google Scholar 

  9. Emery, D.B.: HeapShield: library-based heap overflow protection for free. UMass CS TR 06-28 (2006)

    Google Scholar 

  10. Gu, Z., et al.: Has the bug really been fixed? In: Proceedings of the ICSE 2010

    Google Scholar 

  11. Haddad, H.M., Shahriar, H.: Rule-based source level patching of buffer overflow vulnerabilities. In: Proceedings of the 10th ITNG 2013

    Google Scholar 

  12. Harrold, M.J., et al.: Fault prediction, localization, and repair. Dagstuhl Seminar 13061, February 2013

    Google Scholar 

  13. Ibing, A.: SMT-constrained symbolic execution for eclipse CDT/Codan. In: Proceedings of the 3th WS-FMDS 2013

    Google Scholar 

  14. Ibing, A.: Path-sensitive race detection with partial order reduced symbolic execution. In: Canal, C., Idani, A. (eds.) SEFM 2014 Workshops. LNCS, vol. 8938, pp. 311–322. Springer, Heidelberg (2015)

    Google Scholar 

  15. Ibing, A., Mai, A.: A fixed-point algorithm for automated static detection of infinite loops. In: Proceedings of the 16th IEEE HASE 2015

    Google Scholar 

  16. Jacobs, M., Lewis, E.C.: SMART C: a semantic macro replacement translator for C. In: Proceedings of the Sixth IEEE SCAM 2006

    Google Scholar 

  17. Jin, H., et al.: SafeStack: automatically patching stack-based buffer overflow vulnerabilities. IEEE Trans. Dependable Secure Comput. 10(6), 368–379 (2013)

    Article  Google Scholar 

  18. Kim, D., et al.: Automatic patch generation learned from human-written patches. In: Proceedings of the International Conference on Software Engineering, ICSE 2013

    Google Scholar 

  19. Le Goues, C., et al.: Genprog: a generic method for automatic software repair. IEEE Trans. Softw. Eng. 38(1), 54–72 (2012)

    Article  Google Scholar 

  20. Lin, Z.: LibsafeXP: a practical and transparent tool for run-time buffer overflow preventions. In: Proceedings of the 7th Annual IEEE Information Assurance Workshop, IAW 2006

    Google Scholar 

  21. Lin, Z., et al.: AutoPaG: towards automated software patch generation with source code root cause identification and repair. In: Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS 2007

    Google Scholar 

  22. Mitre: CWE-121. http://cwe.mitre.org/data/definitions/121.html

  23. Mitre: 2011 CWE/SANS Top 25. http://cwe.mitre.org/top25/

  24. Mitre: Heartbleed Bug. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

  25. Monperrus, M.: A critical review of automatic patch generation learned from human-written patches: essay on the problem statement and the evaluation of automatic software repair. In: Proceedings of the 36th International Conference on Software Engineering, ICSE 2014

    Google Scholar 

  26. Muntean, P., et al.: Context-sensitive detection of information exposure bugs with symbolic execution. In: Innovative Software Development Methodologies and Practices, InnoSWDev 2014

    Google Scholar 

  27. NIST: Juliet Test Suite v1.2 for C/C++

    Google Scholar 

  28. Satish, C., et al.: SemFix: program repair via semantic analysis. In: Proceedings of the International Conference on Software Engineering, ICSE 2013, pp. 772–781

    Google Scholar 

  29. Sauciuc, R., Necula, G.: Reverse execution with constraint solving. Technical report No. UCB/EECS-2011-67, May 2011

    Google Scholar 

  30. Shaw, A., et al.: Automatically fixing C buffer overflows using program transformations. In: Proceedings of the IEEE/IFIP Conference on Dependable Systems and Networks, DSN 2013

    Google Scholar 

  31. Sidiroglou, S., Giovanidis, G., Keromytis, A.D.: A dynamic mechanism for recovering from buffer overflow attacks. In: Zhou, J., López, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 1–15. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  32. Smirnov, A., et al.: Automatic patch generation for buffer overflow attacks. In: Proceedings of the Third International Symposium on Information Assurance and Security, IAS 2007, pp. 165–170

    Google Scholar 

  33. Westley, W.: Patches as better bug reports. In: International Conference on Generative Programming and Component Engineering, GPCE 2006

    Google Scholar 

  34. Westley, W., et al.: Automatically finding patches using genetic programming\(^*\). In: International Conference on Software Engineering, ICSE 2009

    Google Scholar 

Download references

Acknowledgments

This research is funded by the German Ministry for Education and Research (BMBF) under grant number 01IS13020.

Author information

Authors and Affiliations

  1. Department of Informatics, Technical University Munich, Munich, Germany

    Paul Muntean, Vasantha Kommanapalli, Andreas Ibing & Claudia Eckert

Authors
  1. Paul Muntean
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vasantha Kommanapalli
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Andreas Ibing
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Claudia Eckert
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Paul Muntean .

Editor information

Editors and Affiliations

  1. University of Technology, Delft, The Netherlands

    Floor Koornneef

  2. University of Huddersfield, Huddersfield, United Kingdom

    Coen van Gulijk

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Muntean, P., Kommanapalli, V., Ibing, A., Eckert, C. (2015). Automated Generation of Buffer Overflow Quick Fixes Using Symbolic Execution and SMT. In: Koornneef, F., van Gulijk, C. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2014. Lecture Notes in Computer Science(), vol 9337. Springer, Cham. https://doi.org/10.1007/978-3-319-24255-2_32

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-24255-2_32

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-24254-5

  • Online ISBN: 978-3-319-24255-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation