Journal of Software:2015.26(2):413-426

(计算机软件新技术国家重点实验室南京大学, 江苏 南京 210023;南京大学 计算机科学与技术系, 江苏 南京 210023)
Research on Integer-Based Vulnerabilities: Security Model, Detecting Methods and Real-World Cases
SUN Hao,ZENG Qing-Kai
(State Key Laboratory for Novel Software Technology Nanjing University, Nanjing 210023, China;Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China)
Chart / table
Similar Articles
Article :Browse 5732   Download 3843
Received:May 04, 2014    Revised:July 16, 2014
> 中文摘要: C/C+ 语言中整型的有限表示范围、不同符号或长度间的类型转换导致了整数漏洞的发生,包括整数上溢、整数下溢、符号错误和截断错误.攻击者常常间接利用整数漏洞实施诸如恶意代码执行、拒绝服务等攻击行为.综述了整数漏洞的研究进展,从缺陷发生后行为的角度提出了新的整数漏洞安全模型,总结了判定整数漏洞的充分条件.从漏洞判定规则对充分条件覆盖的角度对现有检测方法进行比较和分析.通过实例分析,讨论了整数漏洞在现实中的特征分布.最后指出了整数漏洞研究中存在的挑战和有待进一步研究的问题.
Abstract:In C/C+ language, limited rages represented by integer types and castings between different signs or widths cause integer-based weakness, including integer overflow, integer underflow, signedness error and truncation error. Attackers usually exploit them indirectly to commit damaging acts such as arbitrary code execution and denial of service. This paper presents a survey on integer-based vulnerabilities. A novel security model is proposed in view of behaviors resulting from the weakness occurrence, and the sufficient conditions in determining integer-based vulnerabilities are also presented. A thorough comparison among detecting methods is further conducted in consideration of covering sufficient conditions. Through an empirical study on real-world integer bug cases, the characteristics and distributions are discussed. Finally, the challenges and research directions of integer-based vulnerabilities are explored.
文章编号:     中图分类号:    文献标志码:
基金项目:国家自然科学基金(61170070, 61431008, 61321491); 国家科技支撑计划(2012BAK26B01) 国家自然科学基金(61170070, 61431008, 61321491); 国家科技支撑计划(2012BAK26B01)
Foundation items:
Reference text:


SUN Hao,ZENG Qing-Kai.Research on Integer-Based Vulnerabilities: Security Model, Detecting Methods and Real-World Cases.Journal of Software,2015,26(2):413-426