Embedded and Ubiquitous Computing, IEEE/IFIP International Conference on (2010)
Hong Kong, China
Dec. 11, 2010 to Dec. 13, 2010
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/EUC.2010.88
The automatic detection of security vulnerabilities in binary program is challenging and lacks efficient tools. Current research and tools are mostly restricted to a specific platform and environment, which induces the trouble to detect all kinds of vulnerabilities with unified approach. Moreover, Existing methods need many manual operations and rely on the experience of researchers. This paper presents a cross-platform system for automatically software vulnerability detection based on uniform intermediate representation. It supports many platforms, including x86, PowerPC and ARM. The system lifts underlying instructions to intermediate representation from several platforms. Platform-independent analysis method is implemented based on intermediate representation by static analysis. It also uses a vulnerability pattern driver extracted from experience and knowledge to drive the automatic vulnerability detection during the analysis. The system called PDVDS has been realized. We have evaluated its effectiveness through validating many known vulnerabilities and detecting three zero-day vulnerabilities.
vulnerability detection, software analysis, static analysis, pattern-driven, uniform intermediate representation
F. Jiang, J. Wang, J. Wang, J. Yang and S. Cheng, "PDVDS: A Pattern-Driven Software Vulnerability Detection System," 2010 IEEE/IFIP 8th International Conference on Embedded and Ubiquitous Computing (EUC 2010)(EUC), Hong Kong, 2010, pp. 536-541.