Search method for format string vulnerabilities

Search method for format string vulnerabilities

In this paper search method for format string vulnerabilities is presented. The method is based on dynamic analysis and symbolic execution. It is applied to program binaries, without requiring debug information. We present a tool implementing this method. We have used this tool to detect known vulne...

Full description

Bibliographic Details
Main Authors:	I. A. Vakhrushev, V. V. Kaushan, V. A. Padaryan, A. N. Fedotov
Format:	Article
Language:	English
Published:	Ivannikov Institute for System Programming of the Russian Academy of Sciences 2018-10-01
Series:	Труды Института системного программирования РАН
Subjects:	уязвимость форматной строки бинарный код эксплуатация уязвимостей динамический анализ символьное выполнение
Online Access:	https://ispranproceedings.elpub.ru/jour/article/view/596

Similar Items

Automated exploit generation method for stack buffer overflow vulnerabilities
by: V. A. Padaryan, et al.
Published: (2018-10-01)

Memory violation detection method in binary code
by: V. V. Kaushan, et al.
Published: (2018-10-01)

Software defect severity estimation in presence of modern defense mechanisms
by: A. N. Fedotov, et al.
Published: (2018-10-01)

Buffer overrun detection method in binary code
by: V. V. Kaushan
Published: (2018-10-01)

Method for exploitability estimation of program bugs
by: A. N. Fedotov
Published: (2018-10-01)

Building security predicates for some types of vulnerabilities
by: A. N. Fedotov, et al.
Published: (2018-10-01)

Methods and software tools for combined binary code analysis
by: V. A. Padaryan, et al.
Published: (2018-10-01)

On representation used in the binary code reverse engineering
by: V. A. Padaryan
Published: (2018-10-01)

Development of taint-analysis methods to solve the problem of searching of undeclared features
by: A. Y. Tichonov, et al.
Published: (2018-10-01)

Автоматизация разработки моделей устройств и вычислительных машин для QEMU
by: V. Yu. Efimov, et al.
Published: (2018-10-01)

Summary-based method of implementing arbitrary context-sensitive checks for source-based analysis via symbolic execution
by: A. . Dergachev, et al.
Published: (2018-10-01)

An approach to the C string analysis for buffer overflow detection
by: I. A. Dudina, et al.
Published: (2018-12-01)

Automated generation of machine instruction decoders
by: N. Yu. Fokina, et al.
Published: (2018-10-01)

Using a Bounded Model Checker for Test Generation: How to Kill Two Birds with One SMT-solver
by: Maxim Petrov, et al.
Published: (2014-12-01)

On Some Limitations of Information Flow Tracking in Full-system Emulators
by: M. A. Klimushenkova, et al.
Published: (2018-10-01)

Method for analysis of code-reuse attacks
by: A. V. Vishnyakov, et al.
Published: (2018-12-01)

A WEB-APPLICATION QUALITY EVALUATION METHOD BASED ON VULNERABILITY DETECTION
by: D. E. Onoshko, et al.
Published: (2018-05-01)

Compiler protection techniques against software vulnerabilities exploitation
by: A. R. Nurmukhametov, et al.
Published: (2018-10-01)

Dynamic program analysis for error detection using goal-seeking input data generation
by: S. P. Vartanov, et al.
Published: (2018-10-01)

The Study into Cross-Site Request Forgery Attacks within the Framework of Analysis of Software Vulnerabilities
by: A. V. Barabanov, et al.
Published: (2018-10-01)

Application of software emulators for the binary code analysis
by: P. M. Dovgalyuk, et al.
Published: (2018-10-01)

Dynamic analysis of virtualization- and dispatching-obfuscated applications
by: M. G. Bakulin, et al.
Published: (2018-10-01)

An approach of reachability determination for static analysis defects with help of dynamic symbolic execution
by: A. Y. Gerasimov, et al.
Published: (2018-10-01)

Input data generation for reaching specific function in program by iterative dynamic analysis
by: A. Y. Gerasimov, et al.
Published: (2018-10-01)

Format recovery
by: A. I. Getman, et al.
Published: (2018-10-01)

Applying Java bytecode static instrumentation for software dynamic analysis
by: S. P. Vartanov, et al.
Published: (2018-10-01)

Instruction scheduling and software pipelining for modern architectures
by: Arutyun Avetisyan
Published: (2018-10-01)

Survey on static program analysis results refinement approaches
by: A. Y. Gerasimov
Published: (2018-10-01)

Fast and Safe Concrete Code Execution for Reinforcing Static Analysis and Verification
by: M. Belyaev, et al.
Published: (2015-12-01)

Avalanche: Using dynamic analysis for automatic defect detection in programs based on network sockets
by: Ildar Isaev, et al.
Published: (2018-10-01)

Automatic concurrency defect detection for Android applications
by: V. P. Ivannikov, et al.
Published: (2018-10-01)

Recovery of binary data structures from program traces
by: A. I. Avetisyan, et al.
Published: (2018-10-01)

Statically detecting buffer overflows in C/C++
by: I. . Dudina, et al.
Published: (2018-10-01)

Raising the level of abstraction of program execution trace
by: A. G. Nazarov, et al.
Published: (2018-10-01)

Clinical and epidemiological characteristics of meningococcal infection morbidity in Penza Region for the period 2007-2019
by: V. L. Melnikov, et al.
Published: (2021-10-01)

Classification of ROP gadgets
by: A. V. Vishnyakov
Published: (2018-10-01)

Applying iterative dynamic analysis to programs with graphical user interface
by: M. K. Ermakov, et al.
Published: (2018-10-01)

Dynamic analysis of programs with graphical user interface based on symbolic execution
by: S. P. Vartanov, et al.
Published: (2018-10-01)

До питання строків у правовому регулюванні місцевих податків та зборів
by: O.Y. Tatarenko
Published: (2022-11-01)

Detecting race conditions in Java programs using dynamic analysis
by: M. . Ermakov, et al.
Published: (2018-10-01)