An effective taint‐based software vulnerability miner
ISSN: 0332-1649
Article publication date: 1 March 2013
Abstract
Purpose
The purpose of this paper is to propose an approach to detect Indirect Memory‐Corruption Exploits (IMCE) at runtime on binary code; such exploits are often caused by integer conversion errors. Real‐world attacks were used for the experimental evaluation.
Design/methodology/approach
Current dynamic analysis detects attacks by enforcing low‐level policies, which can only detect control‐flow hijacking attacks. The proposed approach detects IMCE by enforcing a high‐level policy using dynamic taint analysis. Unlike low‐level policies enforced at the instruction level, the authors' policy is imposed on memory‐operation routines. The authors implemented a fine‐grained taint analysis system with accurate taint propagation for detection.
Findings
Conversion errors are common and most of them are legitimate. Taint analysis with a high‐level policy can accurately block IMCE but still has false positives. Proper design of the data structures that maintain taint tags can greatly reduce overhead.
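To make the design and the findings above concrete, here is a toy taint tracker added as an illustration; it is not the authors' system and makes no claim about how their implementation works. It models the two ideas the abstract contrasts: taint tags propagate through arithmetic and through an integer conversion, and the policy is checked only where a tainted value reaches a memory‐operation routine (a `memcpy` stand‐in), not at every instruction. It also shows why most conversion errors are legitimate: a conversion that keeps the value, or a conversion of an untainted constant, raises no alert, while an untrusted length whose value changed during conversion is blocked. All names (`TVal`, `convert`, `checked_memcpy`, the tag strings) and the three scenarios are constructed for this example.

```python
"""Toy taint tracker with a high-level policy at a memory-operation routine.
Constructed illustration; not the paper's implementation."""

from dataclasses import dataclass
from typing import Union

CONVERSION_ERROR = "conversion-error"   # constructed tag name for a value-changing conversion


@dataclass(frozen=True)
class TVal:
    """An integer carrying a set of taint tags (its origin plus events it went through)."""
    value: int
    tags: frozenset = frozenset()

    def __add__(self, other: Union["TVal", int]) -> "TVal":
        # Propagation rule: the result carries the union of both operands' tags.
        other_tags = other.tags if isinstance(other, TVal) else frozenset()
        return TVal(self.value + _raw(other), self.tags | other_tags)


def _raw(x: Union[TVal, int]) -> int:
    return x.value if isinstance(x, TVal) else x


def from_input(value: int, source: str = "network") -> TVal:
    """Values read from an untrusted source start out tainted with their origin."""
    return TVal(value, frozenset({f"src:{source}"}))


def convert(v: TVal, bits: int, signed: bool) -> TVal:
    """Model a C integer conversion to a `bits`-wide (un)signed type.
    Taint propagates unchanged; if the numeric value changes (truncation or
    sign change) the value is additionally tagged as a conversion error."""
    mask = (1 << bits) - 1
    r = v.value & mask
    if signed and r >= (1 << (bits - 1)):
        r -= 1 << bits
    tags = v.tags | {CONVERSION_ERROR} if r != v.value else v.tags
    return TVal(r, tags)


class PolicyViolation(Exception):
    """Raised when a memory-operation routine receives a length that violates policy."""


def checked_memcpy(dst: bytearray, src: bytes, n: TVal) -> int:
    """Memory-operation routine with the high-level policy attached.
    Policy (constructed): a copy length derived from untrusted input that went
    through a value-changing conversion is blocked. A tainted length with no
    conversion error, or an untainted conversion, passes to the normal bounds check."""
    is_tainted = any(t.startswith("src:") for t in n.tags)
    if is_tainted and CONVERSION_ERROR in n.tags:
        raise PolicyViolation(f"tainted length {n.value} after conversion error; tags={sorted(n.tags)}")
    if n.value < 0 or n.value > len(src) or n.value > len(dst):
        raise ValueError("length out of bounds")
    dst[:n.value] = src[:n.value]
    return n.value


def run_scenarios() -> dict:
    """Three constructed cases; returns the outcome of each."""
    src = bytes(range(16))
    out = {}

    # 1. Untrusted length (6 + 2), conversion keeps the value: legitimate, allowed.
    n_ok = convert(from_input(6) + 2, bits=32, signed=False)
    out["legit_conversion"] = checked_memcpy(bytearray(16), src, n_ok)

    # 2. Untrusted -1 converted to unsigned 32-bit becomes 4294967295; the
    #    length reaching memcpy is tainted and tagged, so the policy blocks it.
    n_bad = convert(from_input(-1), bits=32, signed=False)
    try:
        checked_memcpy(bytearray(16), src, n_bad)
        out["sign_conversion"] = "allowed"
    except PolicyViolation:
        out["sign_conversion"] = "blocked"

    # 3. Same conversion on an untainted constant: the taint policy stays
    #    silent (no false positive from the policy); the bounds check decides.
    n_const = convert(TVal(-1), bits=32, signed=False)
    try:
        checked_memcpy(bytearray(16), src, n_const)
        out["untainted_conversion"] = "allowed"
    except PolicyViolation:
        out["untainted_conversion"] = "blocked"
    except ValueError:
        out["untainted_conversion"] = "bounds-check"
    return out


if __name__ == "__main__":
    print(run_scenarios())
```

The tag set is a `frozenset` so a `TVal` stays hashable and the union on propagation is cheap; a real system would attach tags per byte of memory and register, which is where the data-structure choice the findings mention starts to dominate overhead.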
Originality/value
This paper proposes an approach to block IMCE with high‐level policy enforcement using taint analysis. It has very low false negatives, though it still causes some false positives. The authors made several implementation contributions to strengthen accuracy and performance.
Citation
Liu, Z., Zhang, X., Wu, Y. and Chen, T. (2013), "An effective taint‐based software vulnerability miner", COMPEL - The international journal for computation and mathematics in electrical and electronic engineering, Vol. 32 No. 2, pp. 467-484. https://doi.org/10.1108/03321641311296873
Publisher
Emerald Group Publishing Limited
Copyright © 2013, Emerald Group Publishing Limited