IntPatch: automatically fix integer-overflow-to-buffer-overflow vulnerability at compile-time

Authors:
Chao Zhang;Tielei Wang;Tao Wei;Yu Chen;Wei Zou
Affiliations:
Institute of Computer Science and Technology, Peking University, Key Laboratory of Network and Software Security Assurance, Peking University, Ministry of Education;Institute of Computer Science and Technology, Peking University, Key Laboratory of Network and Software Security Assurance, Peking University, Ministry of Education;Institute of Computer Science and Technology, Peking University, Key Laboratory of Network and Software Security Assurance, Peking University, Ministry of Education;Institute of Computer Science and Technology, Peking University, Key Laboratory of Network and Software Security Assurance, Peking University, Ministry of Education;Institute of Computer Science and Technology, Peking University, Key Laboratory of Network and Software Security Assurance, Peking University, Ministry of Education
Venue:
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Year:
2010

Citing 13
Cited 3

A theory of type qualifiers

Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
Flow-sensitive type qualifiers

PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Program slicing

ICSE '81 Proceedings of the 5th international conference on Software engineering
The Rising Threat of Vulnerabilities Due to Integer Errors

IEEE Security and Privacy
LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation

Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization
DART: directed automated random testing

Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C

Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Compilers: Principles, Techniques, and Tools (2nd Edition)

Compilers: Principles, Techniques, and Tools (2nd Edition)
EXE: automatically generating inputs of death

Proceedings of the 13th ACM conference on Computer and communications security
Non-control-data attacks are realistic threats

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs

OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Dynamic test generation to find integer bugs in x86 binary linux programs

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Using type qualifiers to analyze untrusted integers and detecting security flaws in c programs

DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment

Improving integer security for systems with KINT

OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Program transformations to fix C integers

Proceedings of the 2013 International Conference on Software Engineering
Sound input filter generation for integer overflow errors

Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability is an underestimated threat. Automatically identifying and fixing this kind of vulnerability are critical for software security. In this paper, we present the design and implementation of IntPatch, a compiler extension for automatically fixing IO2BO vulnerabilities in C/C++ programs at compile time. IntPatch utilizes classic type theory and dataflow analysis framework to identify potential IO2BO vulnerabilities, and then instruments programs with runtime checks. Moreover, IntPatch provides an interface for programmers to facilitate checking integer overflows. We evaluate IntPatch on a number of real-world applications. It has caught all 46 previously known IO2BO vulnerabilities in our test suite and found 21 new bugs. Applications patched by IntPatch have a negligible runtime performance loss which is averaging about 1%.