DOI: 10.1007/11790754_1
Article

Using type qualifiers to analyze untrusted integers and detecting security flaws in C programs

Published: 13 July 2006

Abstract

Incomplete or improper input validation is one of the major sources of security bugs in programs. While traditional approaches often focus on detecting string-related buffer overflow vulnerabilities, we present an approach to automatically detect potential integer misuse, such as integer overflows, in C programs. Our tool is based on CQual, a static analysis tool using type theory. Our techniques have been implemented and tested on several widely used open source applications. Using the tool, we found known and unknown integer-related vulnerabilities in these applications.
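The bug class the abstract targets, as an added example that is not code from the paper or from CQual: a 32-bit element count read from untrusted input is multiplied by a record size and used as an allocation length, and the copy loop then trusts the original count. The record format, the `untrusted_u32` typedef standing in for an "untrusted" qualifier, and all function names are assumptions made for this example. The source/sink framing in the comments (input-derived integers are untrusted, allocation sizes and copy lengths must be trusted, and a bounds check is what promotes one to the other) is a general description of qualifier-based taint analysis, not a statement about the paper's specific qualifiers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed input format (an assumption for this example): a 4-byte
 * big-endian element count followed by `count` fixed-size records. */
#define RECORD_SIZE 16u

/* Stands in for an "untrusted" type qualifier: the value came from input and
 * has not yet been bounds-checked. A plain typedef enforces nothing; it only
 * makes the flow from source to sink visible in the code below. */
typedef uint32_t untrusted_u32;

static untrusted_u32 read_be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Vulnerable size computation: count * RECORD_SIZE is done in 32 bits with no
 * check, so count = 0x10000001 gives 0x100000010, which wraps to 16. */
uint32_t alloc_size_vulnerable(const unsigned char *hdr) {
    untrusted_u32 count = read_be32(hdr);
    return count * RECORD_SIZE;            /* untrusted value reaches the sink */
}

/* Vulnerable parser, shown for contrast and never called below: malloc gets
 * the wrapped size (16 bytes) while the copy loop trusts the original count,
 * so the writes run far past the end of the heap allocation. */
unsigned char *parse_records_vulnerable(const unsigned char *buf, size_t buflen) {
    (void)buflen;                          /* the bug: buflen is never consulted */
    untrusted_u32 count = read_be32(buf);
    unsigned char *recs = malloc(alloc_size_vulnerable(buf));
    if (!recs) return NULL;
    for (uint32_t i = 0; i < count; i++)
        memcpy(recs + (size_t)i * RECORD_SIZE,
               buf + 4 + (size_t)i * RECORD_SIZE, RECORD_SIZE);
    return recs;
}

/* Hardened: the untrusted count is bounded before it is used as a size.
 * Check 1 rules out overflow of the multiplication in size_t; check 2 ties the
 * count to the bytes actually present, which also rejects the wrapped case on
 * a 64-bit size_t, where the multiply itself would not overflow. */
bool alloc_size_checked(const unsigned char *buf, size_t buflen, size_t *out_bytes) {
    if (buflen < 4) return false;
    untrusted_u32 count = read_be32(buf);
    if (count > SIZE_MAX / RECORD_SIZE) return false;      /* check 1 */
    size_t bytes = (size_t)count * RECORD_SIZE;
    if (bytes > buflen - 4) return false;                  /* check 2 */
    *out_bytes = bytes;                                    /* now trusted */
    return true;
}

/* Number of records the checked path accepts, or -1 if the input is rejected. */
int64_t checked_record_count(const unsigned char *buf, size_t buflen) {
    size_t bytes;
    if (!alloc_size_checked(buf, buflen, &bytes)) return -1;
    return (int64_t)(bytes / RECORD_SIZE);
}

/* Hardened parser: allocates exactly the validated size and copies only what
 * the input contains. Returns NULL on rejection or allocation failure. */
unsigned char *parse_records(const unsigned char *buf, size_t buflen, size_t *n_out) {
    size_t bytes;
    if (!alloc_size_checked(buf, buflen, &bytes)) return NULL;
    unsigned char *recs = malloc(bytes ? bytes : 1);       /* avoid malloc(0) */
    if (!recs) return NULL;
    memcpy(recs, buf + 4, bytes);
    *n_out = bytes / RECORD_SIZE;
    return recs;
}

int main(void) {
    /* Constructed hostile header: count = 0x10000001 with no records behind it. */
    const unsigned char hostile[4] = {0x10, 0x00, 0x00, 0x01};
    /* Constructed valid input: count = 2 followed by two zero-filled records. */
    unsigned char good[4 + 2 * RECORD_SIZE] = {0x00, 0x00, 0x00, 0x02};
    size_t n = 0;

    printf("vulnerable allocation size for hostile header: %u bytes\n",
           alloc_size_vulnerable(hostile));
    printf("checked path on hostile header: %lld\n",
           (long long)checked_record_count(hostile, sizeof hostile));
    unsigned char *recs = parse_records(good, sizeof good, &n);
    printf("checked path on valid input: %zu records\n", n);
    free(recs);
    return 0;
}
```

The hostile header is the shape of input a static tool cannot see at analysis time; what it can see is that `read_be32`'s result reaches `malloc` in the vulnerable path without an intervening comparison, and that in the checked path every use of the count is dominated by the two `if` guards.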


    Published In

    DIMVA'06: Proceedings of the Third International Conference on Detection of Intrusions and Malware & Vulnerability Assessment
    July 2006, 194 pages
    ISBN: 354036014X
    Editors: Roland Büschkes, Pavel Laskov

    Sponsors

    • Runs
    • McAfee
    • Symantec
    • Technologiestiftung Berlin

    Publisher

    Springer-Verlag, Berlin, Heidelberg

    Cited By

    • (2015) Targeted Automatic Integer Overflow Discovery Using Goal-Directed Conditional Branch Enforcement. ACM SIGARCH Computer Architecture News 43(1), 473-486. doi:10.1145/2786763.2694389. Online: 14 Mar 2015
    • (2015) Targeted Automatic Integer Overflow Discovery Using Goal-Directed Conditional Branch Enforcement. ACM SIGPLAN Notices 50(4), 473-486. doi:10.1145/2775054.2694389. Online: 14 Mar 2015
    • (2015) Efficient Dynamic Tracking Technique for Detecting Integer-Overflow-to-Buffer-Overflow Vulnerability. Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, 483-494. doi:10.1145/2714576.2714605. Online: 14 Apr 2015
    • (2015) Targeted Automatic Integer Overflow Discovery Using Goal-Directed Conditional Branch Enforcement. Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems, 473-486. doi:10.1145/2694344.2694389. Online: 14 Mar 2015
    • (2014) Sound input filter generation for integer overflow errors. ACM SIGPLAN Notices 49(1), 439-452. doi:10.1145/2578855.2535888. Online: 8 Jan 2014
    • (2014) Sound input filter generation for integer overflow errors. Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 439-452. doi:10.1145/2535838.2535888. Online: 11 Jan 2014
    • (2013) Program transformations to fix C integers. Proceedings of the 2013 International Conference on Software Engineering, 792-801. doi:10.5555/2486788.2486892. Online: 18 May 2013
    • (2012) Improving integer security for systems with KINT. Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation, 163-177. doi:10.5555/2387880.2387897. Online: 8 Oct 2012
    • (2011) An 'explicit type enforcement' program transformation tool for preventing integer vulnerabilities. Proceedings of the ACM international conference companion on Object oriented programming systems languages and applications companion, 21-22. doi:10.1145/2048147.2048158. Online: 22 Oct 2011
    • (2010) IntPatch. Proceedings of the 15th European conference on Research in computer security, 71-86. doi:10.5555/1888881.1888888. Online: 20 Sep 2010
