ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Hybrid analysis of executables to detect security vulnerabilities: security vulnerabilities
Full text PdfPdf (83 KB)
Source
India Software Engineering Conference archive
Proceeding of the 2nd annual conference on India software engineering conference table of contents
Pune, India
POSTER SESSION: Poster paper session table of contents
Pages 141-142  
Year of Publication: 2009
ISBN:978-1-60558-426-3
Authors
Pranith D. Kumar  IIT Kharagpur, Kharagpur, India
Anchal Nema  IIT Kharagpur, Kharagpur, India
Rajeev Kumar  IIT Kharagpur, Kharagpur, India
Sponsors
ACM: Association for Computing Machinery
SIGSOFT: ACM Special Interest Group on Software Engineering
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 10,   Downloads (12 Months): 57,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1506216.1506248
What is a DOI?

ABSTRACT

Detection of vulnerabilities in executables is one of the major challenges facing the software industry and is mainly due to the unavailability of the source code. In this work, we present a hybrid approach which is a combination of static and dynamic analysis to identify vulnerabilities. In this approach, we first instrument the executable using PIN to extract the control flow and the corresponding assembly code using disassembler. We then perform static analysis on the assembly code for constraint bound checking using control flow and register bounds. In this way, we exploit the synergy between static and dynamic analysis to detect memory leaks, buffer overflow and dangling pointers.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
J. Bergeron , Mourad Debbabi , M. M. Erhioui , Béchir Ktari, Static Analysis of Binary Code to Isolate Malicious Behaviors, Proceedings of the 8th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises, p.184-189, June 16-18, 1999
 
2
M. D. Ernst. Static and dynamic analysis: synergy and duality. In In WODA 2003: ICSE Workshop on Dynamic Analysis, pages 24--27, 2003.
3
Chi-Keung Luk , Robert Cohn , Robert Muth , Harish Patil , Artur Klauser , Geoff Lowney , Steven Wallace , Vijay Janapa Reddi , Kim Hazelwood, Pin: building customized program analysis tools with dynamic instrumentation, Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation, June 12-15, 2005, Chicago, IL, USA

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Invasive software (e.g., viruses, worms, Trojan horses)

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Unauthorized access (e.g., hacking, phreaking)


General Terms:
Algorithms, Design, Experimentation, Security


Keywords:
hybrid analysis, instrumentation, memory errors, security vulnerabilities, slicing

Collaborative Colleagues:
Pranith D. Kumar: colleagues
Anchal Nema: colleagues
Rajeev Kumar: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player