An Approach to Vulnerability Searching of Integer Overflows in the Executable Program Code

R. A. Demidov; A. I. Pechenkin; P. D. Zegzhda

doi:10.3103/S0146411618080102

An Approach to Vulnerability Searching of Integer Overflows in the Executable Program Code

Authors: Demidov R.A.¹, Pechenkin A.I.¹, Zegzhda P.D.¹
Affiliations:
1. Peter the Great St.Petersburg Polytechnic University
Issue: Vol 52, No 8 (2018)
Pages: 1022-1028
Section: Article
URL: https://journal-vniispk.ru/0146-4116/article/view/175705
DOI: https://doi.org/10.3103/S0146411618080102
ID: 175705

Cite item

Full Text

Open Access
Restricted Access

Access granted
Restricted Access

Subscription Access

Abstract
About the authors
References
Supplementary files
Statistics

Abstract

This article proposes an approach to identifying integer overflow vulnerabilities in software represented by the executable code of x86 architecture. The approach is based on symbolic code execution and initially twofold representation of memory cells. A truncated control transfer graph is constructed from the machine code of the program, the paths in which are layer-by-layer checked for the feasibility of the vulnerability conditions. The proposed methods were implemented in practice and experimentally tested on the various code samples.

Keywords

vulnerability search, symbolic execution, symbolic memory, vulnerability classification, control flow graph, integer overflow

Supplementary files

Supplementary Files

Action

1. JATS XML

Download

Username
Password
Remember me

Forgot password?	Register

Username
Password
Remember me

Forgot password?	Register

An Approach to Vulnerability Searching of Integer Overflows in the Executable Program Code

Full Text

Abstract

Keywords

About the authors

R. A. Demidov

A. I. Pechenkin

P. D. Zegzhda

Supplementary files