ISCAS OpenIR  > 2010软件所会议论文
automatically generating patch in binary programs using attribute-based taint analysis
Chen Kai; Lian Yifeng; Zhang Yingjun
2010
会议名称2010 International Conference on Information and Communications Security, ICICS 2010
会议录名称Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
页码367-382
会议日期40878
会议地点Barcelona, Spain
收录类别ei
出版地Germany
ISSN3029743
ISBN3642176496
部门归属(1) Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; (2) State Key Laboratory of Information Security, Graduate School, Chinese Academy of Sciences, Beijing 100049, China; (3) National Engineering Research Center for Information Security, Beijing 100190, China
摘要Vulnerabilities in software threaten safety of hosts. Generating patches could overcome this problem. Patches are usually generated with human intervention, which is very time-consuming and needs a lot of experience. A few heuristic methods can generate patches automatically. But they usually have high false negative and/or false positive rate. We proposed a novel solution and implemented a real system called PatchGen that can automatically generate patches for vulnerabilities. PatchGen innovatively combines several techniques: (1) It can automatically generate patches for Windows x86 binaries without any need for source code, debugging information or human intervention. (2) Attribute-based taint analysis method (ATAM) is proposed to find attack point and overflow point with no need to record or analyze program execution traces, which saves both analysis time and memory. (3) PatchGen automatically tunes the candidate position to find the most suitable position to patch. We made several experiments on PatchGen. The results show that PatchGen can successfully generate patches for buffer overflow vulnerabilities in several minutes. The running overhead of the patched applications is less than 1% in average. © 2010 Springer-Verlag.
关键词Heuristic Methods Security Of Data
主办者Spanish Government; Advanced Research on Information Security and Privacy line; ARES CONSOLIDER CSD2007-00004; Scytl Secure Electronic Voting; Ministerio de Ciencia e Innovacion; Universitat Politecnica de Catalunya - Department of Telematics
语种英语
内容类型会议论文
URI标识http://ir.iscas.ac.cn/handle/311060/8676
专题2010软件所会议论文
推荐引用方式
GB/T 7714
Chen Kai,Lian Yifeng,Zhang Yingjun. automatically generating patch in binary programs using attribute-based taint analysis[C]. Germany,2010:367-382.
条目包含的文件
文件名称/大小 文献类型 版本类型 开放类型 使用许可
automatically genera(423KB) 限制开放--请求全文
个性服务
推荐该条目
保存到收藏夹
查看访问统计
导出为Endnote文件
谷歌学术
谷歌学术中相似的文章
[Chen Kai]的文章
[Lian Yifeng]的文章
[Zhang Yingjun]的文章
百度学术
百度学术中相似的文章
[Chen Kai]的文章
[Lian Yifeng]的文章
[Zhang Yingjun]的文章
必应学术
必应学术中相似的文章
[Chen Kai]的文章
[Lian Yifeng]的文章
[Zhang Yingjun]的文章
相关权益政策
暂无数据
收藏/分享
所有评论 (0)
暂无评论
 

除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。