Sciweavers

ACSAC
2007
IEEE

Automated Security Debugging Using Program Structural Constraints

14 years 6 months ago
Automated Security Debugging Using Program Structural Constraints
Understanding security bugs in a vulnerable program is a non-trivial task, even if the target program is known to be vulnerable. Though there exist debugging tools that facilitate the vulnerability analysis and debugging process, human developers still need to manually trace the program execution most of the times. This makes security debugging a difficult and tiresome task even for experienced programmers. In this paper, we present the development of a novel security debugging tool called CBones (SeeBones, where bones is an analogy of program structures). CBones is intended to fully automate the analysis of a class of security vulnerabilities in C programs, the exploits of which would compromise the integrity of program structures satisfied by all legitimate binaries compiled from C source code. In other words, CBones automatically discovers how unknown vulnerabilities in C programs are exploited based on program structural constraints. Unlike the previous approaches, CBones can au...
Chongkyung Kil, Emre Can Sezer, Peng Ning, Xiaolan
Added 02 Jun 2010
Updated 02 Jun 2010
Type Conference
Year 2007
Where ACSAC
Authors Chongkyung Kil, Emre Can Sezer, Peng Ning, Xiaolan Zhang
Comments (0)