Abstract
Integer signedness errors can be exploited by adversaries to cause severe damage to computer systems. Despite significant advances in automating the detection of integer signedness errors, accurately differentiating exploitable and harmful signedness errors from unharmful ones remains an important challenge. In this paper, we present the design and implementation of SignFlow, an instrumentation-based integer signedness error detector that reduces the number of reports for unharmful signedness errors. SignFlow first uses static data flow analysis to identify unharmful integer sign conversions, based on where the source operands originate and whether the conversion results can propagate to security-related program points. It then inserts security checks for the remaining conversions to provide runtime protection. We evaluated SignFlow on 8 real-world harmful integer signedness bugs, the SPECint 2006 benchmarks, and 5 real-world applications. The experimental results show that SignFlow correctly detected all harmful integer signedness bugs (i.e., no false negatives) and achieved a 41% reduction in false positives compared with IntFlow, the state of the art.
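The distinction the abstract draws, shown as an added illustration in C; this is not SignFlow's code or output. The function names are hypothetical, the check is written by hand, and treating a memcpy length as the security-related program point is an assumption made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64

/* Hand-written stand-in for a runtime check guarding an int -> size_t
 * conversion: 0 if the value survives the conversion, -1 if it is negative. */
static int sign_check(int v) { return v < 0 ? -1 : 0; }

/* Conversion that matters: len comes from the caller (untrusted in this
 * example) and the converted value becomes a memory-copy length. */
int copy_record(char *dst, const char *src, int len)
{
    if (len > BUF_SIZE)            /* signed compare: a negative len passes */
        return -1;
    if (sign_check(len) != 0)      /* without this, -1 becomes SIZE_MAX below */
        return -2;
    memcpy(dst, src, (size_t)len); /* sink: copy length */
    return len;
}

/* Conversion that does not matter: the result only feeds hash arithmetic
 * and never reaches an allocation size, copy length or array index, so
 * wrapping a negative tag is intended and needs no check. */
unsigned int mix_tag(int tag)
{
    unsigned int u = (unsigned int)tag;
    return (u * 2654435761u) >> 16;
}

int main(void)
{
    char dst[BUF_SIZE] = {0};
    /* Constructed inputs: one valid length, one negative, one too large. */
    printf("len=5   -> %d\n", copy_record(dst, "hello", 5));
    printf("len=-1  -> %d\n", copy_record(dst, "hello", -1));
    printf("len=65  -> %d\n", copy_record(dst, "hello", BUF_SIZE + 1));
    printf("mix_tag(-1) = 0x%X\n", mix_tag(-1));
    return 0;
}
```

A detector that reports every sign conversion would flag both functions; only the first one carries a value into a memory operation.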