A dynamic detection method to C/C++ programs memory vulnerabilities based on pointer analysis

Rui Ma; Lingkui Chen; Changzhen Hu; Jingfeng Xue; Xiaolin Zhao

doi:10.1109/DASC.2013.37

A dynamic detection method to C/C++ programs memory vulnerabilities based on pointer analysis

Rui Ma, Lingkui Chen, Changzhen Hu, Jingfeng Xue, Xiaolin Zhao

Beijing Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Citation (Scopus)

Abstract

Aiming at the problem of higher memory consumption and lower execution efficiency during the dynamic detecting to C/C++ programs memory vulnerabilities, this paper presents a dynamic detection method called ISC. The ISC improves the Safe-C using pointer analysis technology. Firstly, the ISC defines a simple and efficient fat pointer representation instead of the safe pointer in the Safe-C. Furthermore, the ISC uses the unification-based analysis algorithm with one level flow static pointer. This identification reduces the number of pointers that need to be converted to fat pointers. Then in the process of program running, the ISC detects memory vulnerabilities through constantly inspecting the attributes of fat pointers. Experimental results indicate that the ISC could detect memory vulnerabilities such as buffer overflows and dangling pointers. Comparing with the Safe-C, the ISC dramatically reduces the memory consumption and lightly improves the execution efficiency.

Original language	English
Title of host publication	Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013
Publisher	IEEE Computer Society
Pages	52-57
Number of pages	6
ISBN (Print)	9781479933815
DOIs	https://doi.org/10.1109/DASC.2013.37
Publication status	Published - 2013
Event	11th IEEE International Conference on Dependable, Autonomic and Secure Computing, DASC 2013 - Chengdu, Sichuan, China Duration: 21 Dec 2013 → 22 Dec 2013

Publication series

Name	Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013

Conference

Conference	11th IEEE International Conference on Dependable, Autonomic and Secure Computing, DASC 2013
Country/Territory	China
City	Chengdu, Sichuan
Period	21/12/13 → 22/12/13

Keywords

dynamic detecting
fat pointer
improved Safe-C
memory vulnerability
pointer analysis

Access to Document

10.1109/DASC.2013.37

Cite this

Ma, R., Chen, L., Hu, C., Xue, J., & Zhao, X. (2013). A dynamic detection method to C/C++ programs memory vulnerabilities based on pointer analysis. In Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013 (pp. 52-57). Article 6844337 (Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013). IEEE Computer Society. https://doi.org/10.1109/DASC.2013.37

Ma, Rui ; Chen, Lingkui ; Hu, Changzhen et al. / A dynamic detection method to C/C++ programs memory vulnerabilities based on pointer analysis. Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013. IEEE Computer Society, 2013. pp. 52-57 (Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013).

@inproceedings{5bcf04a80815447eadb094cf71afa5e4,

title = "A dynamic detection method to C/C++ programs memory vulnerabilities based on pointer analysis",

abstract = "Aiming at the problem of higher memory consumption and lower execution efficiency during the dynamic detecting to C/C++ programs memory vulnerabilities, this paper presents a dynamic detection method called ISC. The ISC improves the Safe-C using pointer analysis technology. Firstly, the ISC defines a simple and efficient fat pointer representation instead of the safe pointer in the Safe-C. Furthermore, the ISC uses the unification-based analysis algorithm with one level flow static pointer. This identification reduces the number of pointers that need to be converted to fat pointers. Then in the process of program running, the ISC detects memory vulnerabilities through constantly inspecting the attributes of fat pointers. Experimental results indicate that the ISC could detect memory vulnerabilities such as buffer overflows and dangling pointers. Comparing with the Safe-C, the ISC dramatically reduces the memory consumption and lightly improves the execution efficiency.",

keywords = "dynamic detecting, fat pointer, improved Safe-C, memory vulnerability, pointer analysis",

author = "Rui Ma and Lingkui Chen and Changzhen Hu and Jingfeng Xue and Xiaolin Zhao",

year = "2013",

doi = "10.1109/DASC.2013.37",

language = "English",

isbn = "9781479933815",

series = "Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013",

publisher = "IEEE Computer Society",

pages = "52--57",

booktitle = "Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013",

address = "United States",

note = "11th IEEE International Conference on Dependable, Autonomic and Secure Computing, DASC 2013 ; Conference date: 21-12-2013 Through 22-12-2013",

}

Ma, R, Chen, L, Hu, C , Xue, J & Zhao, X 2013, A dynamic detection method to C/C++ programs memory vulnerabilities based on pointer analysis. in Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013., 6844337, Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013, IEEE Computer Society, pp. 52-57, 11th IEEE International Conference on Dependable, Autonomic and Secure Computing, DASC 2013, Chengdu, Sichuan, China, 21/12/13. https://doi.org/10.1109/DASC.2013.37

A dynamic detection method to C/C++ programs memory vulnerabilities based on pointer analysis. / Ma, Rui; Chen, Lingkui; Hu, Changzhen et al.
Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013. IEEE Computer Society, 2013. p. 52-57 6844337 (Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A dynamic detection method to C/C++ programs memory vulnerabilities based on pointer analysis

AU - Ma, Rui

AU - Chen, Lingkui

AU - Hu, Changzhen

AU - Xue, Jingfeng

AU - Zhao, Xiaolin

PY - 2013

Y1 - 2013

N2 - Aiming at the problem of higher memory consumption and lower execution efficiency during the dynamic detecting to C/C++ programs memory vulnerabilities, this paper presents a dynamic detection method called ISC. The ISC improves the Safe-C using pointer analysis technology. Firstly, the ISC defines a simple and efficient fat pointer representation instead of the safe pointer in the Safe-C. Furthermore, the ISC uses the unification-based analysis algorithm with one level flow static pointer. This identification reduces the number of pointers that need to be converted to fat pointers. Then in the process of program running, the ISC detects memory vulnerabilities through constantly inspecting the attributes of fat pointers. Experimental results indicate that the ISC could detect memory vulnerabilities such as buffer overflows and dangling pointers. Comparing with the Safe-C, the ISC dramatically reduces the memory consumption and lightly improves the execution efficiency.

AB - Aiming at the problem of higher memory consumption and lower execution efficiency during the dynamic detecting to C/C++ programs memory vulnerabilities, this paper presents a dynamic detection method called ISC. The ISC improves the Safe-C using pointer analysis technology. Firstly, the ISC defines a simple and efficient fat pointer representation instead of the safe pointer in the Safe-C. Furthermore, the ISC uses the unification-based analysis algorithm with one level flow static pointer. This identification reduces the number of pointers that need to be converted to fat pointers. Then in the process of program running, the ISC detects memory vulnerabilities through constantly inspecting the attributes of fat pointers. Experimental results indicate that the ISC could detect memory vulnerabilities such as buffer overflows and dangling pointers. Comparing with the Safe-C, the ISC dramatically reduces the memory consumption and lightly improves the execution efficiency.

KW - dynamic detecting

KW - fat pointer

KW - improved Safe-C

KW - memory vulnerability

KW - pointer analysis

UR - http://www.scopus.com/inward/record.url?scp=84904463742&partnerID=8YFLogxK

U2 - 10.1109/DASC.2013.37

DO - 10.1109/DASC.2013.37

M3 - Conference contribution

AN - SCOPUS:84904463742

SN - 9781479933815

T3 - Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013

SP - 52

EP - 57

BT - Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013

PB - IEEE Computer Society

T2 - 11th IEEE International Conference on Dependable, Autonomic and Secure Computing, DASC 2013

Y2 - 21 December 2013 through 22 December 2013

ER -

Ma R, Chen L, Hu C , Xue J , Zhao X. A dynamic detection method to C/C++ programs memory vulnerabilities based on pointer analysis. In Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013. IEEE Computer Society. 2013. p. 52-57. 6844337. (Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013). doi: 10.1109/DASC.2013.37

A dynamic detection method to C/C++ programs memory vulnerabilities based on pointer analysis

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this