IntTracer: Sanitization-aware IO2BO Vulnerability Detection across Codebases
Integer Overflow to Buffer Overflow (IO2BO) vulnerability represents a common bug pattern in system software and is able to be detected by various program analysis methods. Mainstream static approaches apply taint analysis to find source-sink pairs and then submit those suspicious bug locations to dynamic instrumentation or static encoding.
However, works utilizing both methods either fail to handle sanitization code well nor lack the ability to generalize across codebases. In this work, we present IntTracer, which is enhanced with interval domain to model the effect of sanitization in the trace of IO2BO bug, and is able to find recurring vulnerabilities from different development scenarios. IntTracer can successfully prevent generating false positives under 5 scenarios.
Wed 17 AprDisplayed time zone: Lisbon change
16:00 - 17:30 | SRC PostersSRC - ACM Student Research Competition at Open Space Chair(s): Mattia Fazzini University of Minnesota, André Restivo LIACC, Universidade do Porto, Porto, Portugal | ||
16:00 90mPoster | Program Decomposition and Translation with Static Analysis SRC - ACM Student Research Competition Ali Reza Ibrahimzada University of Illinois Urbana-Champaign DOI Pre-print File Attached | ||
16:00 90mPoster | IntTracer: Sanitization-aware IO2BO Vulnerability Detection across Codebases SRC - ACM Student Research Competition Xiang Chen Shanghai Jiao Tong University | ||
16:00 90mPoster | Vulnerability Root Cause Function Locating For Java Vulnerabilities SRC - ACM Student Research Competition Lyuye Zhang Nanyang Technological University | ||
16:00 90mPoster | Flakiness Repair in the Era of Large Language Models SRC - ACM Student Research Competition Yang Chen University of Illinois at Urbana-Champaign | ||
16:00 90mPoster | Refining Abstract Specifications into Dangerous Traffic Scenarios SRC - ACM Student Research Competition Aren Babikian McGill University | ||
16:00 90mPoster | An Ensemble Method for Bug Triaging using Large Language Models SRC - ACM Student Research Competition Atish Kumar Dipongkor University of Central Florida | ||
16:00 90mPoster | Classifying Source Code: How Far Can Compressor-based Classifiers Go? SRC - ACM Student Research Competition Zhou Yang Singapore Management University |