Sound Input Filter Generation for Integer Overflow Errors

Abstract

We present a system, SIFT, for generating input filters that nullify integer overflow errors associated with critical program sites such as memory allocation or block copy sites. SIFT uses a static program analysis to generate filters that discard inputs that may trigger integer overflow errors in the computations of the sizes of allocated memory blocks or the number of copied bytes in block copy operations. Unlike all previous techniques of which we are aware, SIFT is sound -- if an input passes the filter, it will not trigger an integer overflow error at any analyzed site. Our results show that SIFT successfully analyzes (and therefore generates sound input filters for) 56 out of 58 memory allocation and block memory copy sites in analyzed input processing modules from five applications (VLC, Dillo, Swfdec, Swftools, and GIMP). These nullified errors include six known integer overflow vulnerabilities. Our results also show that applying these filters to 62895 real-world inputs produces no false positives. The analysis and filter generation times are all less than a second.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 22, 2014
Accession Number
AD1095001

Entities

People

  • Deokhwan Kim
  • Fan Long
  • Martin Rinard
  • Stelios Sidiroglou-douskos

Organizations

  • MIT Computer Science and Artificial Intelligence Laboratory

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Abstracts
  • Algorithms
  • Anomaly Detection
  • Arithmetic
  • Change Detection
  • Composite Materials
  • Computations
  • Computer Programming
  • Computer Programs
  • Computers
  • Denial Of Service Attack
  • Detection
  • Language
  • Specifications
  • Standards
  • Test Sets
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Computer Programming and Software Development.
  • Computer Vision.
  • Systems Analysis and Design