Institutional Repository
| automatically generating patch in binary programs using attribute-based taint analysis | |
| Chen Kai; Lian Yifeng; Zhang Yingjun | |
| 2010 | |
| Conference Name | 2010 International Conference on Information and Communications Security, ICICS 2010 |
| Source | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
| Pages | 367-382 |
| Conference Date | 40878 |
| Conference Place | Barcelona, Spain |
| Indexed Type | ei |
| Publish Place | Germany |
| ISSN | 3029743 |
| ISBN | 3642176496 |
| Department | (1) Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; (2) State Key Laboratory of Information Security, Graduate School, Chinese Academy of Sciences, Beijing 100049, China; (3) National Engineering Research Center for Information Security, Beijing 100190, China |
| English Abstract | Vulnerabilities in software threaten safety of hosts. Generating patches could overcome this problem. Patches are usually generated with human intervention, which is very time-consuming and needs a lot of experience. A few heuristic methods can generate patches automatically. But they usually have high false negative and/or false positive rate. We proposed a novel solution and implemented a real system called PatchGen that can automatically generate patches for vulnerabilities. PatchGen innovatively combines several techniques: (1) It can automatically generate patches for Windows x86 binaries without any need for source code, debugging information or human intervention. (2) Attribute-based taint analysis method (ATAM) is proposed to find attack point and overflow point with no need to record or analyze program execution traces, which saves both analysis time and memory. (3) PatchGen automatically tunes the candidate position to find the most suitable position to patch. We made several experiments on PatchGen. The results show that PatchGen can successfully generate patches for buffer overflow vulnerabilities in several minutes. The running overhead of the patched applications is less than 1% in average. © 2010 Springer-Verlag. |
| Keyword | Heuristic Methods Security Of Data |
| Sponsorship | Spanish Government; Advanced Research on Information Security and Privacy line; ARES CONSOLIDER CSD2007-00004; Scytl Secure Electronic Voting; Ministerio de Ciencia e Innovacion; Universitat Politecnica de Catalunya - Department of Telematics |
| Language | 英语 |
| Content Type | 会议论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/8676 |
| Collection | 2010软件所会议论文 |
| Recommended Citation GB/T 7714 | Chen Kai,Lian Yifeng,Zhang Yingjun. automatically generating patch in binary programs using attribute-based taint analysis[C]. Germany,2010:367-382. |
| Files in This Item: | ||||||
| File Name/Size | DocType | Version | Access | License | ||
| automatically genera(423KB) | 限制开放 | -- | Application Full Text | |||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment