
VulLocator: Automatically Locating Vulnerable Code in Binary Programs

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7863)

Abstract

It usually takes a rather long time to generate patches for vulnerabilities. For example, an analysis of 21 recent Microsoft patches shows that it takes 115 days on average to generate and release a patch. The longer it takes to generate a patch, the higher the risk a vulnerable system has to bear. In the patch generation process, perhaps the core part is finding the vulnerable code in the software from zero-day attacks or crash reports. However, this is not easy, since an ordinary execution path contains millions of instructions. In this paper, we present VulLocator, a system that aims at automatically locating vulnerable code in software without requiring any source code. VulLocator can analyze different types of vulnerabilities, including stack/heap/integer overflow, double free, memory corruption, format string and division by zero. By generating a vulnerability dependence tree, it decreases the number of instructions that need to be analyzed (from millions of instructions to dozens of instructions). VulLocator can also generate a sample patch for temporarily defending against attacks. Analysts can also benefit from the information given by VulLocator to generate more fine-grained patches. Several experiments with real-world exploits were made on VulLocator. The results show that VulLocator can successfully find the vulnerable code in binary programs both effectively and efficiently.
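As an added illustration (not code from the paper, whose dependence tree construction is not described on this page), the Python below walks a constructed execution trace backwards from the crashing instruction and keeps only the instructions the crash depends on; this is the data-dependence slice that shrinks the analyst's work from the whole trace to a handful of instructions. The trace, the `dst <- src` notation and the helper names are assumptions.

```python
from collections import namedtuple

# Constructed trace (not from the paper): a 2-byte stack buffer at
# 0x1000-0x1001 with the saved return address at 0x1002. Three input bytes
# from 0x3000.. are copied in without a bounds check, so the third store
# clobbers the return slot and the final 'ret' crashes. Memory operands are
# already concrete, as they would be in a recorded dynamic trace.
TRACE = [
    "esi <- 0x3000",     # 0  input pointer
    "edi <- 0x1000",     # 1  destination buffer
    "edx <- 0",          # 2  checksum init (unrelated to the crash)
    "eax <- [0x3000]",   # 3  load input[0]
    "edx <- edx, eax",   # 4  checksum update (noise)
    "[0x1000] <- eax",   # 5  buf[0]
    "eax <- [0x3001]",   # 6  load input[1]
    "edx <- edx, eax",   # 7  noise
    "[0x1001] <- eax",   # 8  buf[1]
    "eax <- [0x3002]",   # 9  load input[2]
    "edx <- edx, eax",   # 10 noise
    "[0x1002] <- eax",   # 11 out-of-bounds store over the return slot
    "[0x2004] <- edx",   # 12 store checksum (noise)
    "eip <- [0x1002]",   # 13 ret: loads the clobbered return address
]

Insn = namedtuple("Insn", "idx text defs uses")

def _is_immediate(tok):
    return tok.startswith("0x") or tok.isdigit()

def parse_trace(lines):
    """Turn 'dst <- src1, src2' lines into def/use sets; immediates are dropped."""
    insns = []
    for i, line in enumerate(lines):
        dst, srcs = line.split("<-")
        uses = {s.strip() for s in srcs.split(",")
                if s.strip() and not _is_immediate(s.strip())}
        insns.append(Insn(i, line.strip(), {dst.strip()}, uses))
    return insns

def backward_slice(insns, crash_idx):
    """Data-dependence slice: walk back from the crash, keep each instruction
    that defines a still-wanted location, and replace that location with the
    instruction's own uses. Control dependences (loop bound) are omitted."""
    wanted = set(insns[crash_idx].uses)
    keep = [crash_idx]
    for insn in reversed(insns[:crash_idx]):
        hit = insn.defs & wanted
        if hit:
            keep.append(insn.idx)
            wanted = (wanted - hit) | insn.uses
    return sorted(keep)

def locate(trace=TRACE):
    """Return the instruction texts the crash depends on (3 of 14 here)."""
    insns = parse_trace(trace)
    return [insns[i].text for i in backward_slice(insns, len(insns) - 1)]
```

The slice ends at the load of the third input byte and the store that overwrote the return slot, which is where a bounds check belongs.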




Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhang, Y., Chen, K., Lian, Y. (2013). VulLocator: Automatically Locating Vulnerable Code in Binary Programs. In: Deng, R.H., Feng, T. (eds) Information Security Practice and Experience. ISPEC 2013. Lecture Notes in Computer Science, vol 7863. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38033-4_21


  • DOI: https://doi.org/10.1007/978-3-642-38033-4_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38032-7

  • Online ISBN: 978-3-642-38033-4

  • eBook Packages: Computer Science (R0)
