Analysis oF exception-based control transfers

Babak Yadegari; Jon Stephens; Saumya K Debray

doi:10.1145/3029806.3029826

Analysis oF exception-based control transfers

Babak Yadegari, Jon Stephens, Saumya K Debray

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Scopus citations

Abstract

Dynamic taint analysis and symbolic execution find many important applications in security-related program analyses. However, current techniques for such analyses do not take proper account of control transfers due to exceptions. As a result, they can fail to account for implicit ows arising from exception-based control transfers, leading to loss of precision and potential false negatives in analysis results. While the idea of using exceptions for obfuscating (unconditional) control transfers is well known, we are not aware of any prior work discussing the use of exceptions to implement condi-Tional control transfers and implicit information ows. This paper demonstrates the problems that can arise in existing dynamic taint analysis and symbolic execution systems due to exception-based implicit information ows and proposes a generic architecture-Agnostic solution for reasoning about the behavior of code using user-defined exception handlers. Experimental results from a prototype implementation indicate that the ideas described produce better results than current state-of-The-Art systems.

Original language	English (US)
Title of host publication	CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy
Publisher	Association for Computing Machinery, Inc
Pages	205-216
Number of pages	12
ISBN (Electronic)	9781450345231
DOIs	https://doi.org/10.1145/3029806.3029826
State	Published - Mar 22 2017
Event	7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017 - Scottsdale, United States Duration: Mar 22 2017 → Mar 24 2017

Other

Other	7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017
Country	United States
City	Scottsdale
Period	3/22/17 → 3/24/17

Keywords

Binary analysis
Dynamic information flow
Symbolic execution

ASJC Scopus subject areas

Computer Science Applications
Information Systems
Software

Access to Document

10.1145/3029806.3029826

Fingerprint Dive into the research topics of 'Analysis oF exception-based control transfers'. Together they form a unique fingerprint.

Cite this

Yadegari, B., Stephens, J., & Debray, S. K. (2017). Analysis oF exception-based control transfers. In CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy (pp. 205-216). Association for Computing Machinery, Inc. https://doi.org/10.1145/3029806.3029826

Yadegari, B, Stephens, J & Debray, SK 2017, Analysis oF exception-based control transfers. in CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, pp. 205-216, 7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017, Scottsdale, United States, 3/22/17. https://doi.org/10.1145/3029806.3029826

@inproceedings{ba2b5900c0f248b1b18a9e596ec7a322,

title = "Analysis oF exception-based control transfers",

abstract = "Dynamic taint analysis and symbolic execution find many important applications in security-related program analyses. However, current techniques for such analyses do not take proper account of control transfers due to exceptions. As a result, they can fail to account for implicit ows arising from exception-based control transfers, leading to loss of precision and potential false negatives in analysis results. While the idea of using exceptions for obfuscating (unconditional) control transfers is well known, we are not aware of any prior work discussing the use of exceptions to implement condi-Tional control transfers and implicit information ows. This paper demonstrates the problems that can arise in existing dynamic taint analysis and symbolic execution systems due to exception-based implicit information ows and proposes a generic architecture-Agnostic solution for reasoning about the behavior of code using user-defined exception handlers. Experimental results from a prototype implementation indicate that the ideas described produce better results than current state-of-The-Art systems.",

keywords = "Binary analysis, Dynamic information flow, Symbolic execution",

author = "Babak Yadegari and Jon Stephens and Debray, {Saumya K}",

year = "2017",

month = mar,

day = "22",

doi = "10.1145/3029806.3029826",

language = "English (US)",

pages = "205--216",

booktitle = "CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy",

publisher = "Association for Computing Machinery, Inc",

note = "7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017 ; Conference date: 22-03-2017 Through 24-03-2017",

}

TY - GEN

T1 - Analysis oF exception-based control transfers

AU - Yadegari, Babak

AU - Stephens, Jon

AU - Debray, Saumya K

PY - 2017/3/22

Y1 - 2017/3/22

N2 - Dynamic taint analysis and symbolic execution find many important applications in security-related program analyses. However, current techniques for such analyses do not take proper account of control transfers due to exceptions. As a result, they can fail to account for implicit ows arising from exception-based control transfers, leading to loss of precision and potential false negatives in analysis results. While the idea of using exceptions for obfuscating (unconditional) control transfers is well known, we are not aware of any prior work discussing the use of exceptions to implement condi-Tional control transfers and implicit information ows. This paper demonstrates the problems that can arise in existing dynamic taint analysis and symbolic execution systems due to exception-based implicit information ows and proposes a generic architecture-Agnostic solution for reasoning about the behavior of code using user-defined exception handlers. Experimental results from a prototype implementation indicate that the ideas described produce better results than current state-of-The-Art systems.

AB - Dynamic taint analysis and symbolic execution find many important applications in security-related program analyses. However, current techniques for such analyses do not take proper account of control transfers due to exceptions. As a result, they can fail to account for implicit ows arising from exception-based control transfers, leading to loss of precision and potential false negatives in analysis results. While the idea of using exceptions for obfuscating (unconditional) control transfers is well known, we are not aware of any prior work discussing the use of exceptions to implement condi-Tional control transfers and implicit information ows. This paper demonstrates the problems that can arise in existing dynamic taint analysis and symbolic execution systems due to exception-based implicit information ows and proposes a generic architecture-Agnostic solution for reasoning about the behavior of code using user-defined exception handlers. Experimental results from a prototype implementation indicate that the ideas described produce better results than current state-of-The-Art systems.

KW - Binary analysis

KW - Dynamic information flow

KW - Symbolic execution

UR - http://www.scopus.com/inward/record.url?scp=85018464400&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85018464400&partnerID=8YFLogxK

U2 - 10.1145/3029806.3029826

DO - 10.1145/3029806.3029826

M3 - Conference contribution

AN - SCOPUS:85018464400

SP - 205

EP - 216

BT - CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy

PB - Association for Computing Machinery, Inc

T2 - 7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017

Y2 - 22 March 2017 through 24 March 2017

ER -