SwordDTA: A dynamic taint analysis tool for software vulnerability detection

Software vulnerabilities are the root cause of various information security incidents, and dynamic taint analysis is an emerging program analysis technique. In this paper, to make the most of the technique for detecting software vulnerabilities, we present SwordDTA, a tool that performs dynamic taint analysis on binaries. The tool is flexible and extensible, and it works with commodity software and hardware. It detects software vulnerabilities through vulnerability modeling and taint checking. We evaluate it on a number of commonly used real-world applications. The experimental results show that SwordDTA is capable of detecting at least four kinds of software vulnerabilities, namely buffer overflow, integer overflow, division by zero and use-after-free, and is applicable to a wide range of software.
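The "vulnerability modeling and taint check" idea in miniature, as an added example that is not SwordDTA's own code: every byte of untrusted input is tagged with its offset, taint propagates as the union of operand taints through a toy register machine, and four vulnerability models (buffer overflow, integer overflow, division by zero, use-after-free) fire only when the dangerous operand is input-derived. The instruction format, register names, memory size and 32-bit width are assumptions made for the example.

```python
from dataclasses import dataclass

MASK32 = 0xFFFFFFFF  # assumed 32-bit arithmetic width

@dataclass(frozen=True)
class Val:
    n: int                            # concrete value
    taint: frozenset = frozenset()    # input byte offsets this value depends on

def taint_input(data: bytes) -> dict:
    """Taint source: each byte of untrusted input gets its own offset label."""
    return {f"in{i}": Val(b, frozenset({i})) for i, b in enumerate(data)}

def run(program, regs, mem_size=8) -> list:
    """Execute (op, dst, a, b) tuples; operands are register names or immediates.
    Taint is the union of operand taints; a model reports only tainted danger."""
    def val(o):
        return regs[o] if isinstance(o, str) else Val(o)
    mem = [Val(0)] * mem_size
    freed, findings = False, []
    for op, dst, a, b in program:
        x, y = val(a), val(b)
        t = x.taint | y.taint
        if op in ("add", "mul"):
            full = x.n + y.n if op == "add" else x.n * y.n
            if full > MASK32 and t:          # model: input-driven arithmetic wraps
                findings.append(f"integer overflow: {op} from input bytes {sorted(t)}")
            regs[dst] = Val(full & MASK32, t)
        elif op == "div":
            if y.n == 0 and y.taint:         # model: input-controlled zero divisor
                findings.append(f"division by zero: divisor from input bytes {sorted(y.taint)}")
            regs[dst] = Val(x.n // y.n if y.n else 0, t)
        elif op == "load":                   # dst = mem[a + b]
            idx = x.n + y.n
            if freed:                        # model: access after the buffer was freed
                findings.append("use-after-free: load from freed buffer")
            if idx >= mem_size and t:        # model: input-controlled index past the end
                findings.append(f"buffer overflow: index {idx} from input bytes {sorted(t)}")
            regs[dst] = mem[idx] if idx < mem_size else Val(0, t)
        elif op == "free":
            freed = True
    return findings

# Constructed input: byte 0 is a zero divisor, byte 1 an oversized index, byte 2 a large factor
PROGRAM = [("div", "r0", 100, "in0"), ("load", "r1", "in1", 0),
           ("mul", "r2", "in2", 0x02000000), ("free", None, 0, 0), ("load", "r3", 0, 0)]

def demo() -> list:
    return run(PROGRAM, taint_input(b"\x00\xc8\xff"))
```

The same program run on untainted constants produces no findings, which is the point of the taint check: the models flag only conditions an attacker can reach through input.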
