Static integer overflow vulnerability detection in windows binary

Abstract

In this paper, we present a static binary analysis based approach to detect integer overflow vulnerabilities in windows binary. We first translate the binary to our intermediate representation and perform Sign type analysis to reconstruct sufficient type information, and then use dataflow analysis to collect suspicious integer overflow vulnerabilities. To alleviate the problem that static vulnerability detection has high false positive rate, we use the information how variables which may be affected by integer overflow are used in security sensitive operations to compute priority and rank the suspicious integer overflow vulnerabilities. Finally the weakest preconditions technique is used to validate the suspicious integer overflow vulnerabilities. Our approach is static so that it does not run the software directly in real environment. We implement a prototype called EIOD and use it to analyze real-world windows binaries. Experiments show that EIOD can effectively and efficiently detect integer overflow vulnerabilities. © 2013 Springer-Verlag.