Hybrid analysis of executables to detect security vulnerabilities: security vulnerabilities

Authors:
Pranith D. Kumar;Anchal Nema;Rajeev Kumar
Affiliations:
IIT Kharagpur, Kharagpur, India;IIT Kharagpur, Kharagpur, India;IIT Kharagpur, Kharagpur, India
Venue:
Proceedings of the 2nd India software engineering conference
Year:
2009

Citing 2
Cited 2

Static Analysis of Binary Code to Isolate Malicious Behaviors

WETICE '99 Proceedings of the 8th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
Pin: building customized program analysis tools with dynamic instrumentation

Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation

A systematic mapping study on the combination of static and dynamic quality assurance techniques

Information and Software Technology
Mitigating program security vulnerabilities: Approaches and challenges

ACM Computing Surveys (CSUR)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Detection of vulnerabilities in executables is one of the major challenges facing the software industry and is mainly due to the unavailability of the source code. In this work, we present a hybrid approach which is a combination of static and dynamic analysis to identify vulnerabilities. In this approach, we first instrument the executable using PIN to extract the control flow and the corresponding assembly code using disassembler. We then perform static analysis on the assembly code for constraint bound checking using control flow and register bounds. In this way, we exploit the synergy between static and dynamic analysis to detect memory leaks, buffer overflow and dangling pointers.