Title :
Static Detection of Vulnerabilities in x86 Executables
Author :
Cova, Marco ; Felmetsger, Viktoria ; Banks, Greg ; Vigna, Giovanni
Author_Institution :
Dept. of Comput. Sci., California Univ., Santa Barbara, CA
Abstract :
Several approaches have been proposed to perform vulnerability analysis of applications written in high-level languages. However, little has been done to automatically identify security-relevant flaws in binary code. In this paper, we present a novel approach to the identification of vulnerabilities in x86 executables in ELF binary format. Our approach is based on static analysis and symbolic execution techniques. We implemented our approach in a proof-of-concept tool and used it to detect taint-style vulnerabilities in binary code. The results of our evaluation show that our approach is both practical and effective
Keywords :
machine oriented languages; program diagnostics; security of data; software tools; binary code; binary static analysis; executable and linking format; security-relevant flaws identification; symbolic execution; taint analysis; vulnerability analysis; x86 executables; Application software; Binary codes; Computer science; Geophysical measurement techniques; Ground penetrating radar; High level languages; Performance analysis; Risk analysis; Runtime; Security; Vulnerability analysis; binary static analysis; symbolic execution; taint analysis.;
Conference_Titel :
Computer Security Applications Conference, 2006. ACSAC '06. 22nd Annual
Conference_Location :
Miami Beach, FL
Print_ISBN :
0-7695-2716-7
DOI :
10.1109/ACSAC.2006.50
