Chinese Academy of Sciences Institutional Repositories Grid
Automatically generating patch in binary programs using attribute-based taint analysis

Document type: Conference paper

Authors: Chen Kai; Lian Yifeng; Zhang Yingjun
Publication date: 2010
Conference name: 2010 International Conference on Information and Communications Security, ICICS 2010
Conference date: 40878
Conference location: Barcelona, Spain
Keywords: Heuristic methods; Security of data
Pages: 367-382
English abstract: Vulnerabilities in software threaten safety of hosts. Generating patches could overcome this problem. Patches are usually generated with human intervention, which is very time-consuming and needs a lot of experience. A few heuristic methods can generate patches automatically. But they usually have high false negative and/or false positive rate. We proposed a novel solution and implemented a real system called PatchGen that can automatically generate patches for vulnerabilities. PatchGen innovatively combines several techniques: (1) It can automatically generate patches for Windows x86 binaries without any need for source code, debugging information or human intervention. (2) Attribute-based taint analysis method (ATAM) is proposed to find attack point and overflow point with no need to record or analyze program execution traces, which saves both analysis time and memory. (3) PatchGen automatically tunes the candidate position to find the most suitable position to patch. We made several experiments on PatchGen. The results show that PatchGen can successfully generate patches for buffer overflow vulnerabilities in several minutes. The running overhead of the patched applications is less than 1% in average. © 2010 Springer-Verlag.
Indexed by: EI
Conference sponsors: Spanish Government; Advanced Research on Information Security and Privacy line; ARES CONSOLIDER CSD2007-00004; Scytl Secure Electronic Voting; Ministerio de Ciencia e Innovacion; Universitat Politecnica de Catalunya - Department of Telematics
Proceedings: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Proceedings place of publication: Germany
Language: English
ISSN: 3029743
ISBN: 3642176496
Source URL: [http://124.16.136.157/handle/311060/8676]
Collection: Institute of Software_Institute of Software Library_2010 Institute of Software conference papers
Recommended citation
GB/T 7714
Chen Kai, Lian Yifeng, Zhang Yingjun. Automatically generating patch in binary programs using attribute-based taint analysis[C]. In: 2010 International Conference on Information and Communications Security, ICICS 2010. Barcelona, Spain. 40878.

Ingest method: OAI harvesting

Source: Institute of Software


Unless otherwise stated, all content in this system is protected by copyright, and all rights are reserved.