IntScope: Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution

Tielei Wang, Tao Wei, Zhiqiang Lin, Wei Zou (Citations: 13)

The number of identified integer overflow vulnerabilities has been increasing rapidly in recent years. In this paper, we present a system, IntScope, which can automatically detect integer overflow vulnerabilities in x86 binaries before an attacker does, with the goal of finally eliminating the vulnerabilities. IntScope first translates the disassembled code into our own intermediate representation (IR), and then performs a path sensitive data flow analysis on the IR by leveraging symbolic execution and taint analysis to identify the vulnerable point of integer overflow. Compared with other approaches, IntScope does not run the binary directly, and is scalable to large software as it can just symbolically execute the interesting program paths. Experimental results show IntScope is quite encouraging: it has detected more than 20 zero-day integer overflows (e.g., CVE-2008-4201, FrSIRT/ADV-2008-2919) in widely-used software such as QEMU, Xen and Xine.