IntRepair: Informed Repairing of Integer Overflows

Integer overflows have threatened software applications for decades. In this paper, we propose a novel technique for the automatic repair of integer overflows in C source code. Our technique, based on static symbolic execution, fuses detection, repair generation and validation. It is implemented in a prototype named IntRepair. We applied IntRepair to 2,052 C programs (approx. 1 million lines of code) contained in the SAMATE Juliet test suite and to 50 synthesized programs of up to 20 KLOC. Our experimental results show that IntRepair effectively detects integer overflows and successfully repairs them, while increasing source code size (LOC) and binary size (KB) by only around 1% each. Furthermore, we present the results of a user study with 30 participants showing that IntRepair repairs are more efficient than manual repairs.
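To make the detect / repair / validate pipeline concrete, the following is an added example written for this page; it is not IntRepair's own code or output. It takes the classic size-computation overflow (a multiplication whose wrapped result feeds an allocation), shows the unrepaired function beside a guarded version of the kind a repair tool would emit (a pre-condition on the operands so the overflowing operation never executes), and then validates the guard against a wider-precision oracle over constructed inputs, which is the same idea as checking a candidate repair against the overflow condition before accepting it. All function names, the record/width scenario and the sample inputs are assumptions made for the example.

```c
/* Added example (not from the paper): integer-overflow repair in the style
 * IntRepair describes, with a small validation oracle.
 * Unsigned arithmetic is used so the "before" variant wraps deterministically
 * instead of being undefined behaviour. */
#include <stdint.h>
#include <stdlib.h>
#include <limits.h>
#include <stdio.h>

/* BEFORE: unchecked size computation. count * width wraps modulo 2^32,
 * so e.g. 65536 * 65536 yields 0 and a later malloc() is far too small. */
unsigned buffer_size_unchecked(unsigned count, unsigned width)
{
    return count * width;                 /* overflow site */
}

/* AFTER: repair inserted in front of the overflow site. The guard is stated
 * on the operands (count > UINT_MAX / width) rather than on the result, so the
 * overflowing multiplication is never evaluated. Returns 0 on success, -1 if
 * the product would not fit in an unsigned int. */
int buffer_size_checked(unsigned count, unsigned width, unsigned *out)
{
    if (width != 0 && count > UINT_MAX / width)
        return -1;                        /* would overflow: refuse */
    *out = count * width;
    return 0;
}

/* Caller that consumes the repaired size function. Hypothetical helper:
 * returns NULL instead of allocating an undersized buffer. */
void *allocate_records(unsigned count, unsigned width)
{
    unsigned size;
    if (buffer_size_checked(count, width, &size) != 0)
        return NULL;
    return malloc(size ? size : 1);
}

/* Validation step: check the repair against a 64-bit oracle. For every
 * constructed input the guard must reject exactly the cases whose true
 * product exceeds UINT_MAX, and must return the exact product otherwise.
 * Returns 1 if the repair is consistent with the oracle on all cases. */
int validate_repair(void)
{
    static const unsigned cases[][2] = {   /* constructed sample inputs */
        {0u, 0u}, {1000u, 4u}, {UINT_MAX, 1u}, {UINT_MAX, 2u},
        {65536u, 65536u}, {0x7fffffffu, 2u}, {0x80000000u, 2u}, {7u, 0u},
    };
    size_t n = sizeof cases / sizeof cases[0];
    for (size_t i = 0; i < n; i++) {
        unsigned c = cases[i][0], w = cases[i][1], out = 0;
        uint64_t wide = (uint64_t)c * (uint64_t)w;
        int expect_err = wide > UINT_MAX;
        int rc = buffer_size_checked(c, w, &out);
        if ((rc == -1) != expect_err)
            return 0;                     /* guard disagrees with oracle */
        if (rc == 0 && out != (unsigned)wide)
            return 0;                     /* guard accepted but result wrong */
        /* The unrepaired version always equals the truncated product,
         * i.e. it silently wraps on exactly the rejected inputs. */
        if (buffer_size_unchecked(c, w) != (unsigned)wide)
            return 0;
    }
    return 1;
}

int main(void)
{
    unsigned size;
    printf("unchecked 65536*65536 = %u\n", buffer_size_unchecked(65536u, 65536u));
    printf("checked   65536*65536 -> rc=%d\n",
           buffer_size_checked(65536u, 65536u, &size));
    printf("repair validated: %s\n", validate_repair() ? "yes" : "no");
    void *p = allocate_records(65536u, 65536u);
    printf("allocate_records(65536, 65536) = %s\n", p ? "non-NULL" : "NULL");
    free(p);
    return 0;
}
```

The guard form `count > UINT_MAX / width` is the portable spelling; on GCC and Clang the same pre-condition can be expressed with `__builtin_mul_overflow(count, width, &size)`, which is equally suitable as a repair template. Note that the example deliberately keeps the repair to a single inserted check, which is why the source-size growth of a fix is typically only a few lines per overflow site.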
