Results 1 to 10 of about 10 (10)
Formalization of Error Criteria for static symbolic execution
Труды Института системного программирования РАН, 2018 This paper is devoted to the formalization of the error criteria for program static analysis, based on symbolic execution. Using the original error criteria of symbolic execution approach in program static analysis leads to an excessive number of false ...
V. K. Koshelev
doaj +1 more source
Buffer overrun detection method in binary code
Труды Института системного программирования РАН, 2018 Buffer overflows are one of the most common and dangerous software errors. Exploitation of such errors can lead to an arbitrary code execution and system disclosure. This paper considers a method for detecting memory violations.
V. V. Kaushan
doaj +1 more source
Software defect severity estimation in presence of modern defense mechanisms
Труды Института системного программирования РАН, 2018 This paper introduces a refined method for automated exploitability evaluation of found program bugs. During security development lifecycle a significant number of crashes is detected in programs.
A. N. Fedotov +5 more
doaj +1 more source
Method for exploitability estimation of program bugs
Труды Института системного программирования РАН, 2018 The method for exploitability estimation of program bugs is presented. Using this technique allows to prioritize software bugs that were found. Thus, it gives an opportunity for a developer to fix bugs, which are most security critical at first.
A. N. Fedotov
doaj +1 more source
Memory violation detection method in binary code
Труды Института системного программирования РАН, 2018 In this paper memory violation detection method is considered. This method applied to program binaries, without requiring debug information. It allows to find such memory violations as out-of-bound read or writing in some buffer.
V. V. Kaushan +3 more
doaj +1 more source
Automated exploit generation method for stack buffer overflow vulnerabilities
Труды Института системного программирования РАН, 2018 In this paper automated method for exploit generation is presented. This method allows to construct exploits for stack buffer overflow vulnerabilities and also to prioritize software bugs.
V. A. Padaryan +2 more
doaj +1 more source
Building security predicates for some types of vulnerabilities
Труды Института системного программирования РАН, 2018 Approaches for code execution using program vulnerabilities are considered in this paper. Particularly, ways of code execution using buffer overflow on stack and on heap, using use-after-free vulnerabilities and format string vulnerabilities are examined
A. N. Fedotov +3 more
doaj +1 more source
Search method for format string vulnerabilities
Труды Института системного программирования РАН, 2018 In this paper search method for format string vulnerabilities is presented. The method is based on dynamic analysis and symbolic execution. It is applied to program binaries, without requiring debug information. We present a tool implementing this method.
I. A. Vakhrushev +3 more
doaj +1 more source
Next generation intermediate representations for binary code analysis
Труды Института системного программирования РАН, 2019 A lot of binary code analysis tools do not work directly with machine instructions, instead relying on an intermediate representation from the binary code.
M. A. Solovev +5 more
doaj +1 more source
Труды Института системного программирования РАН, 2018 A specific approach to summary-based interprocedural symbolic execution is described. The approach is suitable for analysis of program source code developed with high-level programming languages and allows executing arbitrarily complex checks during ...
A. . Dergachev, A. . Sidorin
doaj +1 more source