The BORG: Nanoprobing Binaries for Buffer Overreads

Matthias Neugschwandtner, Paolo Milani Comparetti, Istvan Haller, Herbert Bos

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review


Automated program testing tools typically try to explore, and cover, as much of a tested program as possible, while attempting to trigger and detect bugs. An alternative and complementary approach can be to first select a specific part of a program that may be subject to a specific class of bug, and then narrowly focus exploration towards program paths that could trigger such a bug. In this work, we introduce the BORG (Buffer Over-Read Guard), a testing tool that uses static and dynamic program analysis, taint propagation and symbolic execution to detect buffer overread bugs in real-world programs. BORG works by first selecting buffer accesses that could lead to an overread and then guiding symbolic execution towards those accesses along program paths that could actually lead to an overread. BORG operates on binaries and does not require source code. To demonstrate BORG's effectiveness, we use it to detect overreads in six complex server applications and libraries, including lighttpd, FFmpeg and ClamAV.
Original languageEnglish
Title of host publicationCODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
PublisherAssociation for Computing Machinery, Inc
Number of pages11
ISBN (Electronic)9781450331913
Publication statusPublished - 2 Mar 2015
Event5th ACM Conference on Data and Application Security and Privacy (CODASPY 2015) - San Antonio, United States
Duration: 2 Mar 20154 Mar 2015


Conference5th ACM Conference on Data and Application Security and Privacy (CODASPY 2015)
Country/TerritoryUnited States
CitySan Antonio


Dive into the research topics of 'The BORG: Nanoprobing Binaries for Buffer Overreads'. Together they form a unique fingerprint.

Cite this