RICB: Integer Overflow Vulnerability Dynamic Analysis via Buffer Overflow  

RICB: Integer Overflow Vulnerability Dynamic Analysis via Buffer Overflow

在线阅读下载全文

作  者:Wang Yong Gu Dawu Xu Jianping Wen Mi Deng Liwen 

机构地区:[1]Shan hai University of Electric Power, Shanghai200090, P. R [2]Shanghai Jiao Tong University, Shanghai 200240, P. R. China [3]Shanghai Changjiang Computer Group Corporation, Shangha China 200001, P. R. China

出  处:《China Communications》2010年第6期10-16,共7页中国通信(英文版)

基  金:Supported by the National Natural Science Foundation of China (60903188), Shanghai Education Commission Innovation Foundation (11YZ192) and World Expo Science and Technology Special Fund of Shanghai Science and Technology Commission (08dz0580202).

摘  要:Integer overflow vulnerability will cause buffer overflow. The research on the relationship between them will help us to detect integer overflow vulnerability. We present a dynamic analysis methods RICB (Run-time Integer Checking via Buffer overflow). Our approach includes decompile execute file to assembly language; debug the execute file step into and step out; locate the overflow points and checking buffer overflow caused by integer overflow. We have implemented our approach in three buffer overflow types: format string overflow, stack overflow and heap overflow. Experiments results show that our approach is effective and efficient. We have detected more than 5 known integer overflow vulnerabilities via buffer overflow.

关 键 词:integer overflow format string overflow buffer overflow 

分 类 号:TP393.08[自动化与计算机技术—计算机应用技术] TP316.81[自动化与计算机技术—计算机科学与技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象