Automatic Buffer Overflow Warning Validation
Feng-Juan Gao (1,2), Yu Wang (1,2), Lin-Zhang Wang (1,2,*), Distinguished Member, CCF, Zijiang Yang (3), Senior Member, IEEE, and Xuan-Dong Li (1,2), Fellow, CCF

1 State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210023, China
2 Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China
3 Department of Computer Science, Western Michigan University, Kalamazoo 49008-5466, U.S.A.

E-mail: {fjgao, yuwang cs}@smail.nju.edu.cn; [email protected]; [email protected]; [email protected]

Received April 11, 2020; revised October 22, 2020.

Abstract

Static buffer overflow detection techniques tend to report too many false positives, fundamentally because they lack information about how the software actually executes. Manually inspecting all the static warnings is very time consuming. In this paper, we propose BovInspector, a framework that automatically validates static buffer overflow warnings for C programs and provides suggestions for automatically repairing the warnings confirmed to be true. Given the program source code and the static buffer overflow warnings, BovInspector first performs warning reachability analysis. It then executes the source code symbolically, guided by the reachable warnings. Each reachable warning is validated and classified by checking whether all of the path conditions and the buffer overflow constraint can be satisfied simultaneously. For each validated true warning, BovInspector suggests an automatic repair drawn from 11 repair strategies. BovInspector is complementary to prior static buffer overflow discovery schemes. Experimental results on real open source programs show that BovInspector can automatically validate on average 60% of the warnings reported by static tools.

Keywords: buffer overflow, static analysis warning, symbolic execution, automatic repair
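The validation step described in the abstract, as an added example that is not from the paper or the BovInspector tool: a static checker flags every unbounded copy into a fixed-size buffer, but a warning is only a true positive when the path condition that reaches the copy and the overflow constraint (required bytes exceed capacity) can hold at the same time. The example below models this for two warning sites in C. The buffer size (16), the path conditions as C predicates, the enumeration of source lengths in place of symbolic execution and a constraint solver, and the bounded-copy repair are all assumptions made for this illustration; the paper's 11 repair strategies are not reproduced here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_CAP 16   /* assumed destination buffer size for this example */

/* Warning site 1: unguarded strcpy. Nothing bounds src on the path that
 * reaches the copy, so overflow constraint strlen(src) + 1 > BUF_CAP is
 * satisfiable: a true warning. Kept deliberately vulnerable; never called. */
void copy_unguarded(char *dst /* BUF_CAP bytes */, const char *src) {
    strcpy(dst, src);
}

/* Warning site 2: the same strcpy, reachable only when strlen(src) < BUF_CAP.
 * A static tool still flags the strcpy, but the path condition contradicts
 * the overflow constraint, so the warning is a false positive. */
bool copy_guarded(char *dst /* BUF_CAP bytes */, const char *src) {
    if (strlen(src) >= BUF_CAP) return false;
    strcpy(dst, src);
    return true;
}

/* Path conditions on the source length, written as predicates (assumption:
 * the real tool collects these symbolically along each explored path). */
typedef bool (*path_cond_fn)(size_t src_len);
bool path_unguarded(size_t src_len) { (void)src_len; return true; }
bool path_guarded(size_t src_len) { return src_len < BUF_CAP; }

/* Overflow constraint for a string copy into a buffer of cap bytes:
 * the copied bytes plus the terminator must fit. */
bool overflow_constraint(size_t src_len, size_t cap) { return src_len + 1 > cap; }

/* Validation: the warning is true iff some source length satisfies the path
 * condition and the overflow constraint simultaneously. Source lengths are
 * enumerated up to max_len here instead of querying a solver (assumption).
 * On success the smallest witness length is stored in *witness. */
bool validate_warning(path_cond_fn pc, size_t cap, size_t max_len, size_t *witness) {
    for (size_t n = 0; n <= max_len; n++) {
        if (pc(n) && overflow_constraint(n, cap)) {
            if (witness) *witness = n;
            return true;
        }
    }
    return false;
}

/* One possible repair for a validated true warning: replace the unbounded
 * copy with a bounded copy that always NUL-terminates. Returns the number
 * of bytes copied (truncated to cap - 1 when src does not fit). */
size_t copy_repaired(char *dst, size_t cap, const char *src) {
    size_t n = strlen(src);
    if (n >= cap) n = cap - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

int main(void) {
    size_t w = 0;
    const char *long_input = "this string is longer than sixteen";  /* constructed */
    char buf[BUF_CAP];

    printf("unguarded strcpy: %s (witness length %zu)\n",
           validate_warning(path_unguarded, BUF_CAP, 64, &w) ? "TRUE warning" : "false positive", w);
    printf("guarded strcpy:   %s\n",
           validate_warning(path_guarded, BUF_CAP, 64, NULL) ? "TRUE warning" : "false positive");

    size_t copied = copy_repaired(buf, BUF_CAP, long_input);
    printf("repaired copy kept %zu bytes: \"%s\"\n", copied, buf);
    return 0;
}
```

Only the unguarded site survives validation; the guarded site is discarded because no source length is both shorter than 16 and longer than 15. The repair truncates rather than rejecting the input, which is the right choice only when silent truncation is acceptable for that buffer; that decision is exactly why a tool can only suggest a repair.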
1 Introduction
A buffer overflow occurs when more data is written into a buffer than the buffer can hold, so that the excess is written into the memory adjacent to the buffer. If that adjacent memory holds control data the program relies on to execute correctly (such as the saved frame pointer and the return address), overwriting it causes unpredictable behavior. In a buffer overflow attack, the attacker carefully crafts the input to the vulnerable software so that this "unpredictable" behavior is precisely the execution of the attacker's malicious code, embedded in the overflowing data, with the privileges of the vulnerable program. Although more than 40 years have passed since the buffer overflow technique was first documented by Anderson in 1972 [1], and more than 30 years since it was first exploited by the infamous Morris worm in 1988, buffer overflow remains the most common type of software vulnerability, as shown by recent studies of software vulnerability databases [2], and it is likely to remain so for many years to come. Most existing software has b