• DocumentCode
    2965488
  • Title

    Static Detection of Vulnerabilities in x86 Executables

  • Author

    Cova, Marco ; Felmetsger, Viktoria ; Banks, Greg ; Vigna, Giovanni

  • Author_Institution
    Dept. of Comput. Sci., California Univ., Santa Barbara, CA
  • fYear
    2006
  • fDate
    Dec. 2006
  • Firstpage
    269
  • Lastpage
    278
  • Abstract
    Several approaches have been proposed to perform vulnerability analysis of applications written in high-level languages. However, little has been done to automatically identify security-relevant flaws in binary code. In this paper, we present a novel approach to the identification of vulnerabilities in x86 executables in ELF binary format. Our approach is based on static analysis and symbolic execution techniques. We implemented our approach in a proof-of-concept tool and used it to detect taint-style vulnerabilities in binary code. The results of our evaluation show that our approach is both practical and effective
  • Keywords
    machine oriented languages; program diagnostics; security of data; software tools; binary code; binary static analysis; executable and linking format; security-relevant flaws identification; symbolic execution; taint analysis; vulnerability analysis; x86 executables; Application software; Binary codes; Computer science; Geophysical measurement techniques; Ground penetrating radar; High level languages; Performance analysis; Risk analysis; Runtime; Security; Vulnerability analysis; binary static analysis; symbolic execution; taint analysis.;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Applications Conference, 2006. ACSAC '06. 22nd Annual
  • Conference_Location
    Miami Beach, FL
  • ISSN
    1063-9527
  • Print_ISBN
    0-7695-2716-7
  • Type

    conf

  • DOI
    10.1109/ACSAC.2006.50
  • Filename
    4041173
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2965488