arXiv Analytics

arXiv:1305.3883 [cs.CR]

Combining Static and Dynamic Analysis for Vulnerability Detection

Sanjay Rawat, Dumitru Ceara, Laurent Mounier, Marie-Laure Potet

Published 2013-05-16, Version 1

In this paper, we present a hybrid approach for buffer overflow detection in C code. The approach makes use of static and dynamic analysis of the application under investigation. The static part consists in calculating taint dependency sequences (TDS) between user-controlled inputs and vulnerable statements. This process is akin to computing a program slice of interest: it calculates the tainted data- and control-flow paths that exhibit the dependence between tainted program inputs and vulnerable statements in the code. The dynamic part consists of executing the program along TDSs to trigger the vulnerability by generating suitable inputs. We use a genetic algorithm to generate inputs. We propose a fitness function that approximates the program behavior (control flow) based on the frequencies of the statements along TDSs. This runtime aspect makes the approach faster and accurate. We provide experimental results on the Verisec benchmark to validate our approach.

Related articles:
arXiv:1907.06775 [cs.CR] (Published 2019-07-15)
Hands Off my Database: Ransomware Detection in Databases through Dynamic Analysis of Query Sequences
arXiv:2104.11230 [cs.CR] (Published 2021-04-23)
Literature review on vulnerability detection using NLP technology
arXiv:1504.06893 [cs.CR] (Published 2015-04-26)
Two Trends in Mobile Security: Financial Motives and Transitioning from Static to Dynamic Analysis