The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
The current static analysis approaches for detecting stack overflow vulnerabilities in binaries are only usable to the functions in system libraries and not suitable for user defined functions. In this paper, we model the characteristic of stack overflow vulnerabilities and propose a static taint analysis method, which can recognize user defined functions that may have that type of vulnerabilities...
Current network protocol binary software testing methods cannot discover serious vulnerabilities in deep states. This article introduces a novel method based on multi-packet symbolic execution, which can drive the software to deep states, to test the whole network protocol binary software stacks. This article also presents a prototype system, S2EProtocol-multi, upon Selective Symbolic Execution (S2E)...
Traditional symbolic execution for testing software focuses on exploring the paths of the program. However, for stateful network protocol, this method is hard to explore all the protocol states. This paper proposes a novel method based on model-guided symbolic execution, which can associate the program paths with the protocol states and utilize the protocol model to guide the test to explore interesting...
The vulnerabilities existing in network protocol implementations are difficult to detect. The main reason is that the state space of complex protocol binary software is too large to explore. This paper proposes a novel approach that leverages selective symbolic execution to test network protocol binary software directly, which confines symbolic execution in the secure-sensitive area. This paper also...
In this paper a new vulnerability detecting method is proposed to detect buffer boundary violations. The main idea is to use the metric of array index manipulation rather than using any heuristic method. We employ a SVM-based classifier to classify the vulnerable functions and innocent functions. Then the vulnerable functions are fed to function call graph guided symbolic execution to precisely determine...
The vulnerabilities exist in Android binary software bring critical threat to Mobile Internet security. In this paper, we put forward a novel method to detect memory corruption vulnerabilities for Android binary software which builds upon memory accession security rules and selective symbolic execution. We also implemented our prototype system and the evaluation results show that our method can detect...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.