A unified approach to identifying and healing vulnerabilities in x86 machine code

Kononenko, Kirill

doi:10.1145/2348543.2348593

Cited by 6 publications

(1 citation statement)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There has been development of static source analysis technique for vulnerability detection in C based on the combination of taint analysis and value range propagation technique used for compiler optimization [1]. There have been work specific to cross 86 platform for virtual execution environment that combines information from compositional, static, and dynamic program analysis to identify vulnerabilities and timing channels, and uses code transformations to prevent those from being exploited [2]. RICH (Run time integer Checker) for detection of integer based attacks in C [3].…”

Section: Early Developments To the Problemmentioning

confidence: 99%

Compiler for Detection of Program Vulnerabilities

Nayyar¹,

Saxena²,

Kumar³

2014

IJCA

View full text Add to dashboard Cite

Program Vulnerabilities may be unwarranted for any organization and may lead to severe system failure. Due to the advancement of technology there has been increase in the area of vulnerability attacks which are exploited by hackers for getting access to the system or insertion of their malicious code. In this paper we present a proposal for compiler design which prevents some common vulnerability. The output result for our compiler would be compile time warning stating the possible vulnerability in the code. We will also look into the details about the different type of vulnerability and how the attacker can exploit those vulnerabilities in order to corrupt the system. The knowledge of various vulnerability creation areas have been used to design a compiler for vulnerability prevention. Compiler in this publication uses the symbol table generation mechanism for syntactically, semantically segregation of executable code and canary guard mechanism for the protection of cases of buffer overflow. Major work in this area deals with the simple scenarios for vulnerability detection but our aim is to check for various complicated scenarios and non common possibilities for program attack and designing a framework preventing such kinds of attacks.

show abstract

Section: Early Developments To the Problemmentioning

confidence: 99%