Avoiding exponential explosion: generating compact verification conditions
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Anomaly detection of web-based attacks
Proceedings of the 10th ACM conference on Computer and communications security
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Vigilante: end-to-end containment of internet worms
Proceedings of the twentieth ACM symposium on Operating systems principles
Packet vaccine: black-box exploit detection and signature generation
Proceedings of the 13th ACM conference on Computer and communications security
Exterminator: automatically correcting memory errors with high probability
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Making context-sensitive points-to analysis with heap cloning practical for the real world
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Enhancing server availability and security through failure-oblivious computing
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
On gray-box program tracking for anomaly detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
ShieldGen: Automatic Data Patch Generation for Unknown Vulnerabilities with Informed Probing
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Creating Vulnerability Signatures Using Weakest Preconditions
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Bouncer: securing software by blocking bad input
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
Flow-insensitive static analysis for detecting integer anomalies in programs
SE'07 Proceedings of the 25th conference on IASTED International Multi-Conference: Software Engineering
The CERT C Secure Coding Standard
The CERT C Secure Coding Standard
Snugglebug: a powerful approach to weakest preconditions
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Taint-based directed whitebox fuzzing
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Automatically patching errors in deployed software
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Dynamic test generation to find integer bugs in x86 binary linux programs
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
IntPatch: automatically fix integer-overflow-to-buffer-overflow vulnerability at compile-time
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Null dereference verification via over-approximated weakest pre-conditions analysis
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Using type qualifiers to analyze untrusted integers and detecting security flaws in c programs
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Proceedings of the 34th International Conference on Software Engineering
Understanding integer overflow in C/C++
Proceedings of the 34th International Conference on Software Engineering
Bolt: on-demand infinite loop escape in unmodified binaries
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
Improving integer security for systems with KINT
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
| Hi-index | 0.00 |
We present a system, SIFT, for generating input filters that nullify integer overflow errors associated with critical program sites such as memory allocation or block copy sites. SIFT uses a static pro- gram analysis to generate filters that discard inputs that may trigger integer overflow errors in the computations of the sizes of allocated memory blocks or the number of copied bytes in block copy operations. Unlike all previous techniques of which we are aware, SIFT is sound -- if an input passes the filter, it will not trigger an integer overflow error at any analyzed site. Our results show that SIFT successfully analyzes (and therefore generates sound input filters for) 56 out of 58 memory allocation and block memory copy sites in analyzed input processing modules from five applications (VLC, Dillo, Swfdec, Swftools, and GIMP). These nullified errors include six known integer overflow vulnerabilities. Our results also show that applying these filters to 62895 real-world inputs produces no false positives. The analysis and filter generation times are all less than a second.