Automated Generation of Buffer Overflow Quick Fixes Using Symbolic Execution and SMT

In many C programs, debugging requires significant effort and can consume a lot of time. Even when the cause of a bug is known, detecting it in such programs and writing a fix patch by hand is a tedious task. In this paper, we present a novel approach for generating bug fixes for buffer overflows automatically, using static execution, code patch patterns, quick fix locations, user input saturation and Satisfiability Modulo Theories (SMT). The generated patches are syntactically correct, can be semi-automatically inserted into code and do not need additional human refinement. We evaluated our approach on 58 C open source programs contained in the Juliet test suite and measured an overhead of 0.59 % with respect to the bug detection time. We think that our approach is generalizable and can be applied with other bug checkers that we developed.
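As an added illustration (not code from the paper), the following C sketch shows the "user input saturation" quick fix pattern the abstract names, applied to a constructed Juliet-style out-of-bounds write: the untrusted index or length is clamped to the destination's capacity at the quick fix location instead of being rejected. The helper names, the fixed buffer size and the second (copy length) variant are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

#define BUF_LEN 10   /* assumed capacity of the target buffer */

/* Saturate a user-controlled index into the valid range [0, len-1].
 * Hypothetical helper standing in for the saturation statement the
 * approach inserts before the overflowing access. */
static size_t saturate_index(long idx, size_t len)
{
    if (idx < 0) return 0;
    if ((size_t)idx >= len) return len - 1;
    return (size_t)idx;
}

/* Saturate a user-controlled copy length to the destination capacity. */
static size_t saturate_length(size_t n, size_t cap)
{
    return n > cap ? cap : n;
}

/* Before: the index comes straight from input and is used unchecked
 * (constructed CWE-121-style case, not an actual Juliet test case). */
static void write_unchecked(int *buf, long idx, int v)
{
    buf[idx] = v;   /* out-of-bounds write when idx is not in [0, BUF_LEN-1] */
}

/* After: the quick fix clamps the index, so the write always lands inside
 * the buffer. Returns the index actually used so the effect is checkable. */
static size_t write_saturated(int *buf, long idx, int v)
{
    size_t i = saturate_index(idx, BUF_LEN);
    buf[i] = v;
    return i;
}

/* After, length variant: memcpy with an input-controlled length, clamped
 * to the destination capacity. Returns the number of bytes copied. */
static size_t copy_saturated(char *dst, size_t cap, const char *src, size_t n)
{
    size_t m = saturate_length(n, cap);
    memcpy(dst, src, m);
    return m;
}

int main(void)
{
    int buf[BUF_LEN] = {0};
    char dst[4];
    (void)write_unchecked;                    /* kept only as the 'before' */
    write_saturated(buf, 42, 7);              /* lands in buf[BUF_LEN-1] */
    copy_saturated(dst, sizeof dst, "hello world", 11);   /* copies 4 bytes */
    return 0;
}
```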
