Institutional Repository
| automatically generating patch in binary programs using attribute-based taint analysis | |
| Chen Kai; Lian Yifeng; Zhang Yingjun | |
| 2010 | |
| 会议名称 | 2010 International Conference on Information and Communications Security, ICICS 2010 |
| 会议录名称 | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
| 页码 | 367-382 |
| 会议日期 | 40878 |
| 会议地点 | Barcelona, Spain |
| 收录类别 | ei |
| 出版地 | Germany |
| ISSN | 3029743 |
| ISBN | 3642176496 |
| 部门归属 | (1) Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; (2) State Key Laboratory of Information Security, Graduate School, Chinese Academy of Sciences, Beijing 100049, China; (3) National Engineering Research Center for Information Security, Beijing 100190, China |
| 摘要 | Vulnerabilities in software threaten safety of hosts. Generating patches could overcome this problem. Patches are usually generated with human intervention, which is very time-consuming and needs a lot of experience. A few heuristic methods can generate patches automatically. But they usually have high false negative and/or false positive rate. We proposed a novel solution and implemented a real system called PatchGen that can automatically generate patches for vulnerabilities. PatchGen innovatively combines several techniques: (1) It can automatically generate patches for Windows x86 binaries without any need for source code, debugging information or human intervention. (2) Attribute-based taint analysis method (ATAM) is proposed to find attack point and overflow point with no need to record or analyze program execution traces, which saves both analysis time and memory. (3) PatchGen automatically tunes the candidate position to find the most suitable position to patch. We made several experiments on PatchGen. The results show that PatchGen can successfully generate patches for buffer overflow vulnerabilities in several minutes. The running overhead of the patched applications is less than 1% in average. © 2010 Springer-Verlag. |
| 关键词 | Heuristic Methods Security Of Data |
| 主办者 | Spanish Government; Advanced Research on Information Security and Privacy line; ARES CONSOLIDER CSD2007-00004; Scytl Secure Electronic Voting; Ministerio de Ciencia e Innovacion; Universitat Politecnica de Catalunya - Department of Telematics |
| 语种 | 英语 |
| 内容类型 | 会议论文 |
| URI标识 | http://ir.iscas.ac.cn/handle/311060/8676 |
| 专题 | 2010软件所会议论文 |
| 推荐引用方式 GB/T 7714 | Chen Kai,Lian Yifeng,Zhang Yingjun. automatically generating patch in binary programs using attribute-based taint analysis[C]. Germany,2010:367-382. |
| 条目包含的文件 | ||||||
| 文件名称/大小 | 文献类型 | 版本类型 | 开放类型 | 使用许可 | ||
| automatically genera(423KB) | 限制开放 | -- | 请求全文 | |||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论