Abstract
Automated program testing tools typically try to explore, and cover, as much of a tested program as possible, while attempting to trigger and detect bugs. An alternative and complementary approach can be to first select a specific part of a program that may be subject to a specific class of bug, and then narrowly focus exploration towards program paths that could trigger such a bug. In this work, we introduce the BORG (Buffer Over-Read Guard), a testing tool that uses static and dynamic program analysis, taint propagation and symbolic execution to detect buffer overread bugs in real-world programs. BORG works by first selecting buffer accesses that could lead to an overread and then guiding symbolic execution towards those accesses along program paths that could actually lead to an overread. BORG operates on binaries and does not require source code. To demonstrate BORG's effectiveness, we use it to detect overreads in six complex server applications and libraries, including lighttpd, FFmpeg and ClamAV.
Original language | English |
---|---|
Title of host publication | CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy |
Publisher | Association for Computing Machinery, Inc |
Pages | 87-97 |
Number of pages | 11 |
ISBN (Electronic) | 9781450331913 |
DOIs | |
Publication status | Published - 2 Mar 2015 |
Event | 5th ACM Conference on Data and Application Security and Privacy (CODASPY 2015) - San Antonio, United States Duration: 2 Mar 2015 → 4 Mar 2015 |
Conference
Conference | 5th ACM Conference on Data and Application Security and Privacy (CODASPY 2015) |
---|---|
Country/Territory | United States |
City | San Antonio |
Period | 2/03/15 → 4/03/15 |