Abstract

The number of use-after-free vulnerabilities has increased rapidly in recent years, posing a serious threat to computer systems, yet few effective mitigations exist for large-scale binary code. In this study, the authors propose a scalable static approach for detecting use-after-free vulnerabilities in binary code. First, a use-after-free feature model is proposed to guide detection. Then, the binary code of the target program is converted to an intermediate representation, and control flow graphs (CFGs) are constructed. Finally, lightweight pointer tracking is performed to identify the use-after-free vulnerable point. Compared with state-of-the-art approaches, this approach uses function summaries rather than a naive in-lining technique for the inter-procedural analysis in vulnerability detection. It therefore avoids the redundant, repeated analysis that in-lining causes in existing approaches and reduces unnecessary performance overhead. The authors have implemented a prototype called UAFDetector and evaluated it on standard benchmarks and real-world programs. The experimental results show that the approach is effective at detecting use-after-free vulnerabilities in binary code and is more efficient and scalable than state-of-the-art static solutions.

Highlights

  • When an object is deallocated in a program, the pointer to it becomes a dangling pointer

  • We propose a scalable static approach for detecting use-after-free vulnerabilities in binary code

  • Alias analysis and pointer tracking in use-after-free vulnerability detection all depend on CFGs


Summary

INTRODUCTION

When an object is deallocated in a program, the pointer to it becomes a dangling pointer. GUEB [16] is a state-of-the-art static tool for detecting use-after-free vulnerabilities and has some ability to detect them in binary code. In that approach, an in-lining technique is used for inter-procedural analysis, so functions that are called many times must be analyzed repeatedly. In our approach, a scalable static analysis is performed to detect use-after-free vulnerabilities on the intermediate code and the CFGs. We use function summaries for the inter-procedural analysis and a dedicated data flow analysis for pointer aliases. Alias analysis and pointer tracking in use-after-free vulnerability detection both depend on CFGs, so it is important to construct complete and accurate CFGs from binary code. Functions are analyzed only once, even if they are called many times.
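The following is an added illustration of the summary-based inter-procedural idea described above; it is not UAFDetector's code. It works over a constructed toy IR (free/use/assign/call instructions on named pointers) rather than a real binary lifting, and it assumes callees use a parameter before freeing it.

```python
# Added example, not UAFDetector's code: a toy inter-procedural UAF checker over a
# constructed mini IR, using per-function summaries instead of in-lining.
from functools import lru_cache
# Mini IR: ("free", p), ("use", p), ("assign", a, b) meaning a = b, ("call", f, [args]).
PROGRAM = {
    "release": [("free", "q")],
    "read":    [("use", "r")],
    "helper":  [("call", "release", ["s"]), ("use", "s")],  # UAF inside helper
    "main":    [("assign", "b", "a"),                       # b aliases a
                ("call", "release", ["a"]),                 # frees a (and b)
                ("call", "read", ["b"]),                    # UAF through alias b
                ("call", "helper", ["c"])],
}
PARAMS = {"release": ["q"], "read": ["r"], "helper": ["s"], "main": []}
analyzed = []  # function bodies walked, in order; each appears exactly once

@lru_cache(maxsize=None)
def summarize(fname):
    """Walk fname once; return (params freed, params used, findings)."""
    analyzed.append(fname)
    alias = {}        # variable -> representative of its alias class
    dangling = set()  # representatives whose object has been freed
    freed, used, findings = set(), set(), []
    for ins in PROGRAM[fname]:
        if ins[0] == "assign":
            alias[ins[1]] = alias.get(ins[2], ins[2])
            continue
        if ins[0] == "call":  # apply the callee's summary rather than in-lining it
            cfree, cuse, _ = summarize(ins[1])
            binding = list(zip(PARAMS[ins[1]], ins[2]))
            effects = [("use", a) for p, a in binding if p in cuse]
            effects += [("free", a) for p, a in binding if p in cfree]
        else:
            effects = [ins]
        for op, var in effects:
            rep = alias.get(var, var)
            if op == "use":
                if rep in dangling:
                    findings.append(f"{fname}: use of {var} after free")
                if rep in PARAMS[fname]:
                    used.add(rep)
            else:
                dangling.add(rep)
                if rep in PARAMS[fname]:
                    freed.add(rep)
    return frozenset(freed), frozenset(used), tuple(findings)

def detect():  # summarize every function; shared callees are served from the cache
    return [f for fname in PROGRAM for f in summarize(fname)[2]]
print(detect())
```

Although `release` is called from both `helper` and `main`, its body is walked once and its summary (frees its parameter) is replayed at each call site, which is the saving over in-lining that the text describes.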
