中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 软件所图书馆  > 2010软件所会议论文
题名:
automatically generating patch in binary programs using attribute-based taint analysis
作者: Chen Kai ; Lian Yifeng ; Zhang Yingjun
会议文集: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
会议名称: 2010 International Conference on Information and Communications Security, ICICS 2010
会议日期: 40878
出版日期: 2010
会议地点: Barcelona, Spain
关键词: Heuristic methods ; Security of data
出版地: Germany
收录类别: ei
ISSN: 3029743
ISBN: 3642176496
部门归属: (1) Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; (2) State Key Laboratory of Information Security, Graduate School, Chinese Academy of Sciences, Beijing 100049, China; (3) National Engineering Research Center for Information Security, Beijing 100190, China
主办者: Spanish Government; Advanced Research on Information Security and Privacy line; ARES CONSOLIDER CSD2007-00004; Scytl Secure Electronic Voting; Ministerio de Ciencia e Innovacion; Universitat Politecnica de Catalunya - Department of Telematics
英文摘要: Vulnerabilities in software threaten safety of hosts. Generating patches could overcome this problem. Patches are usually generated with human intervention, which is very time-consuming and needs a lot of experience. A few heuristic methods can generate patches automatically. But they usually have high false negative and/or false positive rate. We proposed a novel solution and implemented a real system called PatchGen that can automatically generate patches for vulnerabilities. PatchGen innovatively combines several techniques: (1) It can automatically generate patches for Windows x86 binaries without any need for source code, debugging information or human intervention. (2) Attribute-based taint analysis method (ATAM) is proposed to find attack point and overflow point with no need to record or analyze program execution traces, which saves both analysis time and memory. (3) PatchGen automatically tunes the candidate position to find the most suitable position to patch. We made several experiments on PatchGen. The results show that PatchGen can successfully generate patches for buffer overflow vulnerabilities in several minutes. The running overhead of the patched applications is less than 1% in average. © 2010 Springer-Verlag.
语种: 英语
内容类型: 会议论文
URI标识: http://ir.iscas.ac.cn/handle/311060/8676
Appears in Collections:中科院软件所图书馆_2010软件所会议论文

Files in This Item:
File Name/ File Size Content Type Version Access License
automatically generating patch in binary programs using attribute-based taint analysis.pdf(423KB)----限制开放-- 联系获取全文

Recommended Citation:
Chen Kai,Lian Yifeng,Zhang Yingjun. automatically generating patch in binary programs using attribute-based taint analysis[C]. 见:2010 International Conference on Information and Communications Security, ICICS 2010. Barcelona, Spain. 40878.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[Chen Kai]'s Articles
[Lian Yifeng]'s Articles
[Zhang Yingjun]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[Chen Kai]‘s Articles
[Lian Yifeng]‘s Articles
[Zhang Yingjun]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace