Static Detection of Vulnerabilities in x86 Executables

descriptionPublicationkeyboard_double_arrow_right Article , Conference object 01 Dec 2006Publisher:IEEEJournal:2006 22nd Annual Computer Security Applications Conference (ACSAC'06) (issn: 1063-9527,

Copyright policy )

Authors: Marco Cova; Viktoria Felmetsger; Greg Banks; Giovanni Vigna;

doi: 10.1109/acsac.2006.50

Static Detection of Vulnerabilities in x86 Executables

- Summary
- Metrics

Abstract

In the last few years, several approaches have been proposed to perform vulnerability analysis of applications written in high-level languages. However, little has been done to automatically identify security-relevant flaws in binary code. In this paper, we present a novel approach to the identification of vulnerabilities in x86 executables in ELF binary format. Our approach is based on static analysis and symbolic execution techniques. We implemented our approach in a proof-of-concept tool and used it to detect taint-style vulnerabilities in binary code. The results of our evaluation show that our approach is both practical and effective.

Related Organizations

University of California, Santa Barbara
United States

Impact byBIP!

	selected citations These citations are derived from selected sources. This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).	29
	popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.	Top 10%
	influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).	Top 10%
	impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.	Average