DOI: 10.3724/SP.J.1001.2013.04385

Journal of Software (软件学报), 2013, 24(12): 2767-2781

Statically Detect and Run-Time Check Integer-Based Vulnerabilities with Information Flow

An approach to detecting integer-based vulnerabilities is proposed that uses information-flow analysis to reduce run-time overhead. Rather than instrumenting every integer operation, the approach instruments with run-time check code only the unsafe integer operations that lie on tainted information-flow paths: operations whose operands can be controlled by user input and whose results reach sensitive operations (for example, memory allocation sizes, array indices or copy lengths). Restricting instrumentation to these sites reduces both the density of static instrumentation and the performance overhead. Based on this approach, a prototype system called DRIVER (detect and run-time check integer-based vulnerabilities with information flow) is implemented as an extension to the GCC compiler and tested on a number of real-world applications. The experimental results show that the approach is effective, scalable and lightweight, and that the checks it inserts locate the root cause of the vulnerability rather than only its later symptom.
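As an added illustration (not code from the paper or from the DRIVER prototype), the following C snippet shows the kind of integer operation the abstract is concerned with: a record count read from untrusted input is multiplied by a fixed element size to produce an allocation length, which then feeds a memory copy. The first function is the unchecked original, where the tainted multiplication wraps in 32 bits; the second shows the run-time check that a taint-guided instrumentation pass could emit at that single site, leaving untainted arithmetic elsewhere uninstrumented. The message format, the element size, the function names and the use of the GCC `__builtin_mul_overflow` builtin are all assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ELEM_SIZE 16u   /* hypothetical fixed record size (assumption) */

/* Unchecked original. 'count' is tainted (it comes straight from the input
 * header), and the product wraps in 32-bit arithmetic: a count of 0x10000001
 * yields an allocation size of 16 while the rest of the code still trusts
 * 'count' records. The result reaches malloc/memcpy, so this is a sensitive
 * sink on a tainted path and would be selected for instrumentation. */
uint32_t alloc_size_unchecked(uint32_t count)
{
    return count * ELEM_SIZE;
}

/* Same operation with the run-time check inserted only at this tainted site.
 * Returns 0 and stores the size on success, -1 if the multiplication would
 * overflow uint32_t. Failing here reports the root cause (the overflowing
 * multiplication), not the later out-of-bounds write. */
int alloc_size_checked(uint32_t count, uint32_t *out)
{
    uint32_t size;
    if (__builtin_mul_overflow(count, ELEM_SIZE, &size))
        return -1;
    *out = size;
    return 0;
}

/* Constructed message format (assumption): 4-byte little-endian record
 * count, followed by count * ELEM_SIZE bytes of records. */
static uint32_t read_u32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parses a message into a freshly allocated record buffer. Returns NULL if
 * the length arithmetic overflows or the payload is truncated; the caller
 * owns the returned buffer. */
uint8_t *parse_records(const uint8_t *msg, size_t msg_len, uint32_t *count_out)
{
    if (msg_len < 4)
        return NULL;
    uint32_t count = read_u32le(msg);           /* tainted */
    uint32_t size;
    if (alloc_size_checked(count, &size) != 0)  /* instrumented check */
        return NULL;
    if (msg_len - 4 < size)                     /* truncated payload */
        return NULL;
    uint8_t *buf = malloc(size ? size : 1);
    if (!buf)
        return NULL;
    memcpy(buf, msg + 4, size);
    *count_out = count;
    return buf;
}

int main(void)
{
    /* Constructed inputs: a benign message with two records and a hostile
     * header whose count wraps the unchecked size computation to 16. */
    uint8_t good[4 + 2 * ELEM_SIZE] = {2, 0, 0, 0};
    uint8_t bad[4] = {0x01, 0x00, 0x00, 0x10};
    uint32_t n = 0;

    printf("unchecked size for 0x10000001: %u\n", alloc_size_unchecked(0x10000001u));
    uint8_t *recs = parse_records(good, sizeof good, &n);
    printf("good message parsed: %s, count=%u\n", recs ? "yes" : "no", n);
    free(recs);
    printf("hostile message parsed: %s\n",
           parse_records(bad, sizeof bad, &n) ? "yes" : "no");
    return 0;
}
```

Only `alloc_size_checked` carries a check; an instrumentation pass following the abstract's strategy would leave loop counters, struct offsets and other untainted arithmetic alone, which is where the reduced overhead comes from.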

Key words: integer-based vulnerability, information flow, taint analysis, instrumentation

Release date: 2014-07-21 17:01:15