Title: | automatically generating patch in binary programs using attribute-based taint analysis |
Author: | Chen Kai
; Lian Yifeng
; Zhang Yingjun
|
Source: | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
|
Conference Name: | 2010 International Conference on Information and Communications Security, ICICS 2010
|
Conference Date: | 40878
|
Issued Date: | 2010
|
Conference Place: | Barcelona, Spain
|
Keyword: | Heuristic methods
; Security of data
|
Publish Place: | Germany
|
Indexed Type: | ei
|
ISSN: | 3029743
|
ISBN: | 3642176496
|
Department: | (1) Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; (2) State Key Laboratory of Information Security, Graduate School, Chinese Academy of Sciences, Beijing 100049, China; (3) National Engineering Research Center for Information Security, Beijing 100190, China
|
Sponsorship: | Spanish Government; Advanced Research on Information Security and Privacy line; ARES CONSOLIDER CSD2007-00004; Scytl Secure Electronic Voting; Ministerio de Ciencia e Innovacion; Universitat Politecnica de Catalunya - Department of Telematics
|
English Abstract: | Vulnerabilities in software threaten safety of hosts. Generating patches could overcome this problem. Patches are usually generated with human intervention, which is very time-consuming and needs a lot of experience. A few heuristic methods can generate patches automatically. But they usually have high false negative and/or false positive rate. We proposed a novel solution and implemented a real system called PatchGen that can automatically generate patches for vulnerabilities. PatchGen innovatively combines several techniques: (1) It can automatically generate patches for Windows x86 binaries without any need for source code, debugging information or human intervention. (2) Attribute-based taint analysis method (ATAM) is proposed to find attack point and overflow point with no need to record or analyze program execution traces, which saves both analysis time and memory. (3) PatchGen automatically tunes the candidate position to find the most suitable position to patch. We made several experiments on PatchGen. The results show that PatchGen can successfully generate patches for buffer overflow vulnerabilities in several minutes. The running overhead of the patched applications is less than 1% in average. © 2010 Springer-Verlag. |
Language: | 英语
|
Content Type: | 会议论文
|
URI: | http://ir.iscas.ac.cn/handle/311060/8676
|
Appears in Collections: | 中科院软件所图书馆_2010软件所会议论文
|
File Name/ File Size |
Content Type |
Version |
Access |
License |
|
automatically generating patch in binary programs using attribute-based taint analysis.pdf(423KB) | -- | -- | 限制开放 | -- | 联系获取全文 |
|
Recommended Citation: |
Chen Kai,Lian Yifeng,Zhang Yingjun. automatically generating patch in binary programs using attribute-based taint analysis[C]. 见:2010 International Conference on Information and Communications Security, ICICS 2010. Barcelona, Spain. 40878.
|
|
|