Static Detection of Vulnerabilities in x86 Executables

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Marco Cova Articles by Viktoria Felmetsger Articles by Greg Banks Articles by Giovanni Vigna

22nd Annual Computer Security Applications Conference (ACSAC'06)

Miami Beach, Florida, USA

December 11-December 15

ISBN: 0-7695-2716-7

	ASCII Text	x
	Marco Cova, Viktoria Felmetsger, Greg Banks, Giovanni Vigna, "Static Detection of Vulnerabilities in x86 Executables," Computer Security Applications Conference, Annual, pp. 269-278, 22nd Annual Computer Security Applications Conference (ACSAC'06), 2006.

	BibTex	x
	@article{ 10.1109/ACSAC.2006.50, author = {Marco Cova and Viktoria Felmetsger and Greg Banks and Giovanni Vigna}, title = {Static Detection of Vulnerabilities in x86 Executables}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2006}, issn = {1063-9527}, pages = {269-278}, doi = {http://doi.ieeecomputersociety.org/10.1109/ACSAC.2006.50}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Static Detection of Vulnerabilities in x86 Executables SN - 1063-9527 SP269 EP278 A1 - Marco Cova, A1 - Viktoria Felmetsger, A1 - Greg Banks, A1 - Giovanni Vigna, PY - 2006 KW - Vulnerability analysis KW - binary static analysis KW - symbolic execution KW - taint analysis. VL - 0 JA - Computer Security Applications Conference, Annual ER -

Marco Cova, University of California, Santa Barbara, USA

Viktoria Felmetsger, University of California, Santa Barbara, USA

Greg Banks, University of California, Santa Barbara, USA

Giovanni Vigna, University of California, Santa Barbara, USA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ACSAC.2006.50

In the last few years, several approaches have been proposed to perform vulnerability analysis of applications written in high-level languages. However, little has been done to automatically identify security-relevant flaws in binary code.

In this paper, we present a novel approach to the identification of vulnerabilities in x86 executables in ELF binary format. Our approach is based on static analysis and symbolic execution techniques. We implemented our approach in a proof-of-concept tool and used it to detect taint-style vulnerabilities in binary code. The results of our evaluation show that our approach is both practical and effective.

Index Terms:

Vulnerability analysis, binary static analysis, symbolic execution, taint analysis.

Citation:

Marco Cova, Viktoria Felmetsger, Greg Banks, Giovanni Vigna, "Static Detection of Vulnerabilities in x86 Executables," acsac, pp.269-278, 22nd Annual Computer Security Applications Conference (ACSAC'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.