Search method for format string vulnerabilities
In this paper search method for format string vulnerabilities is presented. The method is based on dynamic analysis and symbolic execution. It is applied to program binaries, without requiring debug information. We present a tool implementing this method. We have used this tool to detect known vulne...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Ivannikov Institute for System Programming of the Russian Academy of Sciences
2018-10-01
|
| Series: | Труды Института системного программирования РАН |
| Subjects: | |
| Online Access: | https://ispranproceedings.elpub.ru/jour/article/view/596 |
| _version_ | 1818206066967576576 |
|---|---|
| author | I. A. Vakhrushev V. V. Kaushan V. A. Padaryan A. N. Fedotov |
| author_facet | I. A. Vakhrushev V. V. Kaushan V. A. Padaryan A. N. Fedotov |
| author_sort | I. A. Vakhrushev |
| collection | DOAJ |
| description | In this paper search method for format string vulnerabilities is presented. The method is based on dynamic analysis and symbolic execution. It is applied to program binaries, without requiring debug information. We present a tool implementing this method. We have used this tool to detect known vulnerabilities in Linux programs. |
| first_indexed | 2024-12-12T04:07:07Z |
| format | Article |
| id | doaj.art-712f5cbc7cb743d693bc1915e08a0c58 |
| institution | Directory Open Access Journal |
| issn | 2079-8156 2220-6426 |
| language | English |
| last_indexed | 2024-12-12T04:07:07Z |
| publishDate | 2018-10-01 |
| publisher | Ivannikov Institute for System Programming of the Russian Academy of Sciences |
| record_format | Article |
| series | Труды Института системного программирования РАН |
| spelling | doaj.art-712f5cbc7cb743d693bc1915e08a0c582022-12-22T00:38:45ZengIvannikov Institute for System Programming of the Russian Academy of SciencesТруды Института системного программирования РАН2079-81562220-64262018-10-01274233810.15514/ISPRAS-2015-27(4)-2596Search method for format string vulnerabilitiesI. A. Vakhrushev0V. V. Kaushan1V. A. Padaryan2A. N. Fedotov3ИСП РАНИСП РАНИСП РАН; МГУ имени М.В. Ломоносова, 2-й учебный корпус, факультет ВМКИСП РАНIn this paper search method for format string vulnerabilities is presented. The method is based on dynamic analysis and symbolic execution. It is applied to program binaries, without requiring debug information. We present a tool implementing this method. We have used this tool to detect known vulnerabilities in Linux programs.https://ispranproceedings.elpub.ru/jour/article/view/596уязвимость форматной строкибинарный кодэксплуатация уязвимостейдинамический анализсимвольное выполнение |
| spellingShingle | I. A. Vakhrushev V. V. Kaushan V. A. Padaryan A. N. Fedotov Search method for format string vulnerabilities Труды Института системного программирования РАН уязвимость форматной строки бинарный код эксплуатация уязвимостей динамический анализ символьное выполнение |
| title | Search method for format string vulnerabilities |
| title_full | Search method for format string vulnerabilities |
| title_fullStr | Search method for format string vulnerabilities |
| title_full_unstemmed | Search method for format string vulnerabilities |
| title_short | Search method for format string vulnerabilities |
| title_sort | search method for format string vulnerabilities |
| topic | уязвимость форматной строки бинарный код эксплуатация уязвимостей динамический анализ символьное выполнение |
| url | https://ispranproceedings.elpub.ru/jour/article/view/596 |
| work_keys_str_mv | AT iavakhrushev searchmethodforformatstringvulnerabilities AT vvkaushan searchmethodforformatstringvulnerabilities AT vapadaryan searchmethodforformatstringvulnerabilities AT anfedotov searchmethodforformatstringvulnerabilities |