Journal Article

VYPER: Vulnerability detection in binary code

  • Boudjema E
  • Verlan S
  • Mokdad L
  • et al.
SECURITY AND PRIVACY (2020) 3(2)
DOI: 10.1002/spy2.100
N/ACitations
Citations of this article
14Readers
Mendeley users who have this article in their library.
Get full text

Abstract

This paper presents a method for exploitable vulnerabilities detection in binary code with almost no false positives. It is based on the concolic (a mix of concrete and symbolic) execution of software binary code and the annotation of sensitive memory zones of the corresponding program traces (represented in a formal manner). Three big families of vulnerabilities are considered (taint related, stack overflow, and heap overflow). Based on the angr framework as a supporting software VulnerabilitY detection based on dynamic behavioral PattErn Recognition was developed to demonstrate the viability of the method. Several test cases using custom code, Juliet test base and widely used public libraries were performed showing a high detection potential for exploitable vulnerabilities with a very low rate of false positives.

Cite

CITATION STYLE

APA

Boudjema, E. H., Verlan, S., Mokdad, L., & Faure, C. (2020). VYPER: Vulnerability detection in binary code. SECURITY AND PRIVACY, 3(2). https://doi.org/10.1002/spy2.100

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free