Analysis of Potential Code Vulnerabilities Involving Overlapping Instructions

  • Loui Al Sardy
  • Tong Tang
  • Marc Spisländer
  • Francesca Saglietti
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10489)


This article proposes approaches supporting the analysis of code vulnerabilities that arise from overlapping machine instructions of variable length. To focus the search for potentially malicious code, disassembly techniques are applied first in order to restrict the region of memory that could be exploitable. Subsequently, testing driven by heuristic optimization can be applied to evaluate dynamically whether exploiting the vulnerability is practical.
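As an added illustration of the overlapping-instruction problem described in the abstract (example code written for this page, not the authors' tool), the following minimal x86-32 length decoder for a handful of opcodes decodes a constructed byte string from every offset and reports the instructions that exist only in an unintended decode, which is the region an analyst would then inspect. The opcode subset and the sample bytes are assumptions; the lengths used are those of the x86 instruction-set reference.

```python
# Minimal x86-32 length decoder for a handful of opcodes (illustration only;
# a real analysis needs a full decoder covering prefixes and ModRM forms).
OPCODES = {
    0x90: ("nop", 1), 0xC3: ("ret", 1), 0x05: ("add eax, imm32", 5),
    0x68: ("push imm32", 5), 0x6A: ("push imm8", 2),
    0xE8: ("call rel32", 5), 0xE9: ("jmp rel32", 5), 0xEB: ("jmp rel8", 2),
}
for r in range(8):
    OPCODES[0xB8 + r] = ("mov r32, imm32", 5)
    OPCODES[0x50 + r] = ("push r32", 1)
    OPCODES[0x58 + r] = ("pop r32", 1)

def decode(code: bytes, offset: int):
    """Return (mnemonic, length) for the instruction at offset, or None if the
    opcode is outside the supported subset or would run past the buffer."""
    entry = OPCODES.get(code[offset])
    if entry is None or offset + entry[1] > len(code):
        return None
    return entry

def linear_sweep(code: bytes, start: int = 0):
    """Decode sequentially from start until an undecodable byte or the end;
    returns a list of (offset, mnemonic)."""
    stream, off = [], start
    while off < len(code):
        insn = decode(code, off)
        if insn is None:
            break
        stream.append((off, insn[0]))
        off += insn[1]
    return stream

def overlapping_instructions(code: bytes):
    """Instructions reachable by decoding from some non-intended byte offset
    that the intended stream (sweep from 0) never executes, keyed by offset."""
    intended = set(linear_sweep(code, 0))
    hidden = {}
    for start in range(1, len(code)):
        for off, mnem in linear_sweep(code, start):
            if (off, mnem) not in intended:
                hidden.setdefault(off, mnem)
    return hidden

# Constructed sample: 'mov eax, 0x00C39090 ; ret'. The immediate embeds the
# bytes 90 90 C3, so decoding from offset 1 yields 'nop ; nop ; ret', a second
# instruction stream that was never emitted as such by the assembler.
SAMPLE = bytes.fromhex("B89090C300C3")

if __name__ == "__main__":
    print("intended:", linear_sweep(SAMPLE))
    print("hidden  :", overlapping_instructions(SAMPLE))
```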


Keywords: Security, Vulnerability, Overlapping instruction, Redirection, Testing



The authors gratefully acknowledge that a major part of the work presented was supported by the German Federal Ministry for Economic Affairs and Energy (BMWi), project SMARTEST. The project is carried out in cooperation with the partner institutions University of Magdeburg, University of Applied Sciences of Magdeburg-Stendal and AREVA GmbH.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Loui Al Sardy (1)
  • Tong Tang (1)
  • Marc Spisländer (1)
  • Francesca Saglietti (1)
  1. Software Engineering (Informatik 11), University of Erlangen-Nuremberg, Erlangen, Germany
