  • BAO Tieyun,GAO Fengjuan,ZHOU Yan,LI You,WANG Linzhang,LI Xuandong.Automatically Validating Static Buffer Overflow Warnings based on Guided Symbolic Execution[J].Journal of Cyber Security,2016,1(2):46-60   [点击复制]
鲍铁匀1,2,3, 高凤娟1,2,3, 周严1,2,3, 李游1,2,3, 王林章1,2,3, 李宣东1,2,3
(1.计算机软件新技术国家重点实验室(南京大学) 南京 中国 210023;2.江苏省软件新技术与产业化协同创新中心 南京 中国 210023;3.南京大学计算机科学与技术系 南京 中国 210023)
关键词:  符号执行  缓冲区溢出  警报确认  目标制导
Automatically Validating Static Buffer Overflow Warnings based on Guided Symbolic Execution
BAO Tieyun1,2,3, GAO Fengjuan1,2,3, ZHOU Yan1,2,3, LI You1,2,3, WANG Linzhang1,2,3, LI Xuandong1,2,3
(1.State Key Laboratory of Novel Computer Software Technology, Nanjing University, Nanjing 210023, China;2.Jiangsu Novel Software Technology and Industrialization, Nanjing 210023, China;3.Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China)
Buffer overflow vulnerability is a kind of serious security defect. Currently there are dynamic and static approaches to detect buffer overflow. The effectiveness of Dynamic tools depends on design of test case, and they often introduce execution overhead. Static program analysis techniques have been widely used in buffer overflow detection, which often report a large number of false warnings. Manual validating the results of static analysis is time consuming and error- prone, which severely limits the usefulness of static analysis tools. Symbolic execution is a promising software testing and analysis technology, which systematically explore execution space of test program and generates test cases with high coverage. In this paper we propose a novel approach for automatic buffer overflow warnings validating based on symbolic execution.Our approach is consist of three steps:firstly detect the reachability of statements in static analysis path segment in inter procedural control flow graph and map the static path segment sets to complete path sets which are used to be validated; secondly guide the symbolic execution so that we only focus on the execution paths that cover the buffer overflow warnings generated by static program analysis through pruning useless path; finally construct warning path constraints according to buffer overflow vulnerability models at suspicios statements and classify results depend on the output of constraint solver. Based on the proposed technique we implemented a prototype tool BOVTool and our experimental results on real open source programs show that the percentage of false warnings which do not need to be manually validated is 59.9% on average.
Key words:  symbolic execution  buffer overflow  warning validating  target guided