Towards efficient heap overflow discovery

X Jia, C Zhang, P Su, Y Yang, H Huang, D Feng
26th USENIX Security Symposium (USENIX Security 17), 2017. usenix.org
Abstract
Heap overflow is a prevalent memory corruption vulnerability, playing an important role in recent attacks. Finding such vulnerabilities in applications is thus critical for security. Many state-of-the-art solutions focus on runtime detection, requiring abundant inputs to explore program paths in order to reach a high code coverage and luckily trigger security violations. It is likely that the inputs being tested could exercise vulnerable program paths, but fail to trigger (and thus miss) vulnerabilities in these paths. Moreover, these solutions may also miss heap vulnerabilities due to incomplete vulnerability models.