计算机工程与应用Issue(18):56-61,6.DOI:10.3778/j.issn.1002-8331.1309-0328
二进制程序整型符号转换缺陷的动态检测方法
Dynamic detection approach for integer sign conversion in binary programs
摘要
Abstract
For the integer sign conversion faults, which result in buffer overflow vulnerabilities, an approach to detect inte-ger sign conversion faults in binary programs dynamically is presented. Type inference method, based on a framework for binary instrumentation, is used to identify the sign information of integer variables. Then, a set of parameters are obtained, which have a conflict type in memory-related library functions, and are taken as candidate set of potential integer sign con-version faults. The test is run after inserting detection code on the level of intermediate representation to determine the real integer sign conversion faults. The experimental results on Sconvcheck show that this method can effectively detect integer sign conversion faults in binary programs and accurately locate the position the faults have occurred with a lower rate of false positives.关键词
整数符号转换缺陷/类型推断/冲突类型/二进制程序/中间代码Key words
integer sign conversion faults/type inference/conflict type/binary programs/intermediate representation分类
信息技术与安全科学引用本文复制引用
朱雪梅,王兴起,方景龙,王大全..二进制程序整型符号转换缺陷的动态检测方法[J].计算机工程与应用,2015,(18):56-61,6.基金项目
国家部委基础科研重点项目;国家部委技术基础科研项目。 ()
