Abstract
Dynamic taint analysis and symbolic execution find many important applications in security-related program analyses. However, current techniques for such analyses do not take proper account of control transfers due to exceptions. As a result, they can fail to account for implicit ows arising from exception-based control transfers, leading to loss of precision and potential false negatives in analysis results. While the idea of using exceptions for obfuscating (unconditional) control transfers is well known, we are not aware of any prior work discussing the use of exceptions to implement condi-Tional control transfers and implicit information ows. This paper demonstrates the problems that can arise in existing dynamic taint analysis and symbolic execution systems due to exception-based implicit information ows and proposes a generic architecture-Agnostic solution for reasoning about the behavior of code using user-defined exception handlers. Experimental results from a prototype implementation indicate that the ideas described produce better results than current state-of-The-Art systems.
| Language | English (US) |
|---|---|
| Title of host publication | CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy |
| Publisher | Association for Computing Machinery, Inc |
| Pages | 205-216 |
| Number of pages | 12 |
| ISBN (Electronic) | 9781450345231 |
| DOIs | |
| State | Published - Mar 22 2017 |
| Event | 7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017 - Scottsdale, United States Duration: Mar 22 2017 → Mar 24 2017 |
Other
| Other | 7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017 |
|---|---|
| Country | United States |
| City | Scottsdale |
| Period | 3/22/17 → 3/24/17 |
Fingerprint
Keywords
- Binary analysis
- Dynamic information flow
- Symbolic execution
ASJC Scopus subject areas
- Computer Science Applications
- Information Systems
- Software
Cite this
Analysis oF exception-based control transfers. / Yadegari, Babak; Stephens, Jon; Debray, Saumya.
CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2017. p. 205-216.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - Analysis oF exception-based control transfers
AU - Yadegari,Babak
AU - Stephens,Jon
AU - Debray,Saumya
PY - 2017/3/22
Y1 - 2017/3/22
N2 - Dynamic taint analysis and symbolic execution find many important applications in security-related program analyses. However, current techniques for such analyses do not take proper account of control transfers due to exceptions. As a result, they can fail to account for implicit ows arising from exception-based control transfers, leading to loss of precision and potential false negatives in analysis results. While the idea of using exceptions for obfuscating (unconditional) control transfers is well known, we are not aware of any prior work discussing the use of exceptions to implement condi-Tional control transfers and implicit information ows. This paper demonstrates the problems that can arise in existing dynamic taint analysis and symbolic execution systems due to exception-based implicit information ows and proposes a generic architecture-Agnostic solution for reasoning about the behavior of code using user-defined exception handlers. Experimental results from a prototype implementation indicate that the ideas described produce better results than current state-of-The-Art systems.
AB - Dynamic taint analysis and symbolic execution find many important applications in security-related program analyses. However, current techniques for such analyses do not take proper account of control transfers due to exceptions. As a result, they can fail to account for implicit ows arising from exception-based control transfers, leading to loss of precision and potential false negatives in analysis results. While the idea of using exceptions for obfuscating (unconditional) control transfers is well known, we are not aware of any prior work discussing the use of exceptions to implement condi-Tional control transfers and implicit information ows. This paper demonstrates the problems that can arise in existing dynamic taint analysis and symbolic execution systems due to exception-based implicit information ows and proposes a generic architecture-Agnostic solution for reasoning about the behavior of code using user-defined exception handlers. Experimental results from a prototype implementation indicate that the ideas described produce better results than current state-of-The-Art systems.
KW - Binary analysis
KW - Dynamic information flow
KW - Symbolic execution
UR - http://www.scopus.com/inward/record.url?scp=85018464400&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85018464400&partnerID=8YFLogxK
U2 - 10.1145/3029806.3029826
DO - 10.1145/3029806.3029826
M3 - Conference contribution
SP - 205
EP - 216
BT - CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery, Inc
ER -