Targeted Automatic Integer Overflow Discovery Using Goal-Directed Conditional Branch Enforcement
We present a new technique and system, DIODE, for automatically generating inputs that trigger overflows at memory allocation sites. DIODE is designed to identify relevant sanity checks that inputs must satisfy to trigger overflows at target memory allocation sites, then generate inputs that satisfy these sanity checks to successfully trigger the overflow. DIODE works with off-the-shelf, production x86 binaries. Our results show that, for our benchmark set of applications, and for every target memory allocation site exercised by our seed inputs (which the applications process correctly with no overflows), either 1) DIODE is able to generate an input that triggers an overflow at that site or 2) there is no input that would trigger an overflow for the observed target expression at that site.
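The abstract describes the shape of the problem DIODE targets: an expression at a memory allocation site that overflows only for inputs that first pass the program's own sanity checks, so a candidate input that overflows but fails a check never reaches the site. The C program below is an added illustration written for this page; it is not DIODE's code (DIODE works on x86 binaries, not source), and the toy 9-byte raster header, its checks, the boundary-value list and the 2^30 cap are all assumptions. It shows a 32-bit allocation size that wraps to zero for an input every per-field check accepts, a search that enforces those checks before testing the target expression, and a hardened allocation that refuses the wrapped size.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy raster header (little-endian, 9 bytes). The format and
 * every check below are assumptions for illustration, not taken from DIODE. */
struct hdr {
    uint32_t width;
    uint32_t height;
    uint8_t  bpp;      /* bytes per pixel */
};

/* Parse the 9-byte header; returns false if the buffer is too short. */
static bool parse_hdr(const uint8_t *buf, size_t len, struct hdr *h)
{
    if (len < 9)
        return false;
    memcpy(&h->width, buf, 4);
    memcpy(&h->height, buf + 4, 4);
    h->bpp = buf[8];
    return true;
}

/* Sanity checks guarding the allocation site. Each field is bounded on its
 * own; nothing bounds their product, which is the gap an overflow input uses. */
static bool sanity_ok(const struct hdr *h)
{
    if (h->width == 0 || h->height == 0)
        return false;
    if (h->width > 65535 || h->height > 65535)
        return false;
    if (h->bpp != 1 && h->bpp != 3 && h->bpp != 4)
        return false;
    return true;
}

/* Target expression at the allocation site, evaluated in 32 bits exactly as
 * the vulnerable code would: unsigned arithmetic silently wraps mod 2^32. */
static uint32_t alloc_size_vuln(const struct hdr *h)
{
    return h->width * h->height * h->bpp;
}

/* Overflow oracle for the target expression (GCC/Clang builtin). */
static bool target_overflows(const struct hdr *h)
{
    uint32_t wh, total;
    return __builtin_mul_overflow(h->width, h->height, &wh) ||
           __builtin_mul_overflow(wh, (uint32_t)h->bpp, &total);
}

/* Illustrative goal-directed search, not DIODE's algorithm: try boundary
 * values per field, treat the sanity checks as path constraints a candidate
 * must satisfy to reach the site at all, and stop at the first candidate
 * whose target expression overflows. */
static bool find_overflow_input(struct hdr *found)
{
    static const uint32_t dims[] = { 1, 255, 256, 4096, 32768, 65535 };
    static const uint8_t  bpps[] = { 1, 3, 4 };
    size_t nd = sizeof dims / sizeof dims[0];
    size_t nb = sizeof bpps / sizeof bpps[0];

    for (size_t i = 0; i < nd; i++)
        for (size_t j = 0; j < nd; j++)
            for (size_t k = 0; k < nb; k++) {
                struct hdr h = { dims[i], dims[j], bpps[k] };
                if (!sanity_ok(&h))        /* branch enforcement */
                    continue;
                if (target_overflows(&h)) {
                    *found = h;
                    return true;
                }
            }
    return false;
}

/* Hardened allocation: widen to size_t, detect overflow, cap the result,
 * and refuse rather than hand the allocator a wrapped size. */
static void *alloc_pixels_safe(const struct hdr *h)
{
    size_t n;
    if (__builtin_mul_overflow((size_t)h->width, (size_t)h->height, &n) ||
        __builtin_mul_overflow(n, (size_t)h->bpp, &n) ||
        n > ((size_t)1 << 30))
        return NULL;
    return calloc(n, 1);
}

int main(void)
{
    /* Constructed seed: 64x64, 3 bytes per pixel, processed without overflow. */
    const uint8_t seed_raw[9] = { 0x40, 0, 0, 0, 0x40, 0, 0, 0, 3 };
    struct hdr seed, found;

    if (!parse_hdr(seed_raw, sizeof seed_raw, &seed))
        return 1;
    printf("seed: %ux%ux%u sanity=%d overflow=%d size=%u\n",
           seed.width, seed.height, (unsigned)seed.bpp, sanity_ok(&seed),
           target_overflows(&seed), alloc_size_vuln(&seed));
    if (find_overflow_input(&found))
        printf("found: %ux%ux%u passes checks, wrapped size=%u, safe alloc=%s\n",
               found.width, found.height, (unsigned)found.bpp,
               alloc_size_vuln(&found),
               alloc_pixels_safe(&found) ? "ok" : "refused");
    return 0;
}
```

The search finds 32768x32768 with 4 bytes per pixel: every per-field check accepts it, yet the 32-bit product is exactly 2^32 and wraps to 0, so the vulnerable path would allocate nothing and then write 4 GiB of pixel data into it. An input such as width 2^31 would overflow too, but the width check rejects it before the site is reached, which is why the checks have to be satisfied rather than merely bypassed.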
Main Authors: | Sidiroglou-Douskos, Stelios; Lahtinen, Eric; Piselli, Paolo; Long, Fan; Kim, Deokhwan; Rinard, Martin C.; Rittenhouse, Nathan (Nathan W.) |
---|---|
Other Authors: | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory |
Format: | Article |
Language: | en_US |
Published: | Association for Computing Machinery (ACM), 2015 |
Online Access: | http://hdl.handle.net/1721.1/96155 https://orcid.org/0000-0002-6232-3118 https://orcid.org/0000-0001-8195-4145 https://orcid.org/0000-0001-8095-8523 |
author | Sidiroglou-Douskos, Stelios; Lahtinen, Eric; Piselli, Paolo; Long, Fan; Kim, Deokhwan; Rinard, Martin C.; Rittenhouse, Nathan (Nathan W.) |
---|---|
author2 | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory; Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science |
collection | MIT |
description | We present a new technique and system, DIODE, for automatically generating inputs that trigger overflows at memory allocation sites. DIODE is designed to identify relevant sanity checks that inputs must satisfy to trigger overflows at target memory allocation sites, then generate inputs that satisfy these sanity checks to successfully trigger the overflow. DIODE works with off-the-shelf, production x86 binaries. Our results show that, for our benchmark set of applications, and for every target memory allocation site exercised by our seed inputs (which the applications process correctly with no overflows), either 1) DIODE is able to generate an input that triggers an overflow at that site or 2) there is no input that would trigger an overflow for the observed target expression at that site. |
sponsorship | United States. Defense Advanced Research Projects Agency (Grant FA8650-11-C-7192) |
format | Article (conference paper, http://purl.org/eprint/type/ConferencePaper) |
id | mit-1721.1/96155 |
institution | Massachusetts Institute of Technology |
language | en_US |
publishDate | 2015 (issued 2015-03; accessioned 2015-03-24) |
publisher | Association for Computing Machinery (ACM) |
citation | Sidiroglou-Douskos, Stelios et al. "Targeted Automatic Integer Overflow Discovery Using Goal-Directed Conditional Branch Enforcement." Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2015) (March 2015): 473–486. |
isbn | 9781450328357 |
doi | http://dx.doi.org/10.1145/2694344.2694389 |
rights | Creative Commons Attribution-Noncommercial-Share Alike, http://creativecommons.org/licenses/by-nc-sa/4.0/ |
mimetype | application/pdf |
title | Targeted Automatic Integer Overflow Discovery Using Goal-Directed Conditional Branch Enforcement |
url | http://hdl.handle.net/1721.1/96155; https://orcid.org/0000-0002-6232-3118; https://orcid.org/0000-0001-8195-4145; https://orcid.org/0000-0001-8095-8523 |