Filters








6 Hits in 1.8 sec

IntFlow

Marios Pomonis, Theofilos Petsios, Kangkook Jee, Michalis Polychronakis, Angelos D. Keromytis
2014 Proceedings of the 30th Annual Computer Security Applications Conference on - ACSAC '14  
As a step towards addressing this issue, we present Int-Flow, an accurate arithmetic error detection tool that combines static information flow tracking and dynamic program analysis.  ...  We evaluated IntFlow using the SPEC benchmarks and a series of real-world applications, and measured its effectiveness in detecting arithmetic error vulnerabilities and reducing false positives.  ...  Any opinions, findings, conclusions, or recommendations expressed herein are those of the authors, and do not necessarily reflect those of the US Government, DARPA, the Air Force, or Intel.  ... 
doi:10.1145/2664243.2664282 dblp:conf/acsac/PomonisPJPK14 fatcat:pj5jwjyddjgw7eszoukm4j6c7i

Improving the Accuracy of Integer Signedness Error Detection Using Data Flow Analysis

Hao Sun, Chao Su, Yue Wang, Qingkai Zeng
2015 Proceedings of the 27th International Conference on Software Engineering and Knowledge Engineering  
Experimental results show that SignFlow successfully detected all harmful integer signedness bugs and achieved a reduction of 41% in false positives over IntFlow, the state-of-the-art signedness error  ...  Despite of the significant advances in automating the detection of integer signedness errors, accurately differentiating exploitable and harmful signedness errors from unharmful ones still remains an open  ...  Limitations We propose to improve the accuracy of integer signedness error detection using the data flow characteristics.  ... 
doi:10.18293/seke2015-123 dblp:conf/seke/SunSWZ15 fatcat:l2txl7de2bf3fajjasysr36xaa

Improving the Accuracy of Integer Signedness Error Detection Using Data Flow Analysis

Hao Sun, Chao Su, Yue Wang, Qingkai Zeng
2015 International journal of software engineering and knowledge engineering  
Experimental results show that SignFlow successfully detected all harmful integer signedness bugs and achieved a reduction of 41% in false positives over IntFlow, the state-of-the-art signedness error  ...  Despite of the significant advances in automating the detection of integer signedness errors, accurately differentiating exploitable and harmful signedness errors from unharmful ones still remains an open  ...  Limitations We propose to improve the accuracy of integer signedness error detection using the data flow characteristics.  ... 
doi:10.1142/s0218194015400331 fatcat:it5eijmpf5bh5jxxmzw3oneiby

On Efficiency and Accuracy of Data Flow Tracking Systems

Kangkook Jee
2017
Data Flow Tracking (DFT) is a technique broadly used in a variety of security applications such as attack detection, privacy leak detection, and policy enforcement.  ...  The first optimization approach extracts DFT tracking logics and abstracts them using TFA.  ...  Our prototype, IntFlow, uses information flow tracking to reason the severity of arithmetic errors by analyzing the information flows related to them.  ... 
doi:10.7916/d8mg7p9d fatcat:mof2c5wdwrbcpjwogdpuqpirbi

Practical Integer Overflow Prevention [article]

Paul Muntean, Jens Grossklags, Claudia Eckert
2017 arXiv   pre-print
Specifically, given the source code of a program, IntGuard first discovers the location of an integer overflow error by using static source code analysis and satisfiability modulo theories (SMT) solving  ...  IntGuard then generates integer multi-precision code repairs based on modular manipulation of SMT constraints as well as an extensible set of customizable code repair patterns.  ...  Most of the successfully used tools for error detection in the industry (i.e., at Google) are mainly based on fuzzers.  ... 
arXiv:1710.03720v9 fatcat:mjtnitnqmbbmlgoswdersm4xju

KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS Kernel

Changming Liu, Yaohui Chen, Long Lu
2021 Proceedings 2021 Network and Distributed System Security Symposium   unpublished
KUBO's false detection rate is merely 27.5%, which is significantly lower than that of the state-of-the-art kernel UB detectors (91%).  ...  KUBO is focused on detecting critical UB that can be triggered by userspace input. The high precision comes from KUBO's verification of the satisfiability of the UB-triggering paths and conditions.  ...  We record this range, as it can improve the accuracy of the later symbolic solving. The call graph is generated by [42] , [24] .  ... 
doi:10.14722/ndss.2021.24461 fatcat:2sr4erl5lrhzzg2vcadheoug2q