| RICB:基于缓冲区溢出的整数溢出漏洞动态分析 |
| |
| 引用本文: | 王勇,谷大武,徐建平,温蜜,邓利文.RICB:基于缓冲区溢出的整数溢出漏洞动态分析[J].中国通信学报,2010,7(6):10-16. |
| |
| 作者姓名: | 王勇 谷大武 徐建平 温蜜 邓利文 |
| |
| 摘 要: |
|
| 收稿时间: | 2011-06-21; |
RICB: Integer Overflow Vulnerability Dynamic Analysis via Buffer Overflow |
| |
| Wang Yong,Gu Dawu,Xu Jianping,Wen Mi,Deng Liwen.RICB: Integer Overflow Vulnerability Dynamic Analysis via Buffer Overflow[J].China communications magazine,2010,7(6):10-16. |
| |
| Authors: | Wang Yong Gu Dawu Xu Jianping Wen Mi Deng Liwen |
| |
| Affiliation: | Shanghai University of Electric Power, Shanghai 200090, P. R. China Shanghai Jiao Tong University, Shanghai 200240, P. R. China Shanghai Changjiang Computer Group Corporation, Shanghai 200001, P. R. China |
| |
| Abstract: | Integer overflow vulnerability will cause buffer overflow. The research on the relationship between them will help us to detect integer overflow vulnerability. We present a dynamic analysis methods RICB (Run-time Integer Checking via Buffer overflow). Our approach includes decompile execute file to assembly language; debug the execute file step into and step out; locate the overflow points and checking buffer overflow caused by integer overflow. We have implemented our approach in three buffer overflow types: format string overflow, stack overflow and heap overflow. Experiments results show that our approach is effective and efficient. We have detected more than 5 known integer overflow vulnerabilities via buffer overflow. |
| |
| Keywords: | integer overflow format string overflow buffer overflow |
|
| 点击此处可从《中国通信学报》浏览原始摘要信息 |
|
点击此处可从《中国通信学报》下载全文 |
|
