Formal reasoning of various categories of widely exploited security vulnerabilities using pointer taintedness semantics

Shuo Chen; Karthik Pattabiraman; Zbigniew Kalbarczyk; Ravi K. Iyer

doi:10.1007/1-4020-8143-x_6

Formal reasoning of various categories of widely exploited security vulnerabilities using pointer taintedness semantics

Shuo Chen, Karthik Pattabiraman, Zbigniew Kalbarczyk, Ravi K. Iyer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This paper is motivated by a low level analysis of various categories of severe security vulnerabilities, which indicates that a common characteristic of many c1asses of vulnerabilities is pointer taintedness. Apointer is said to be tainted if a user input can directly or indirectly be used as apointer value. In order to reason about pointer taintedness, a memory model is needed. The main contribution of this paper is the formal definition of a memory model using equational logic, which is used to reason about pointer taintedness. The reasoning is applied to several Iibrary fimctions to extract security preconditions, which must be satisfied to eliminate the possibility of pointer taintedness. The results show that pointer taintedness analysis can expose different c1asses of security vulnerabilities, such as format string, heap corruption and buffer overflow vulnerabilities, leading us to believe that pointer taintedness provides a unifying perspective for reasoning about security vulnerabilities.

Original language	English (US)
Title of host publication	Security and Protection in Information Processing systems - IFIP 18th World Computer Congress, TC11 19th International Information Security Conference, SEC 2004
Publisher	Springer
Pages	83-99
Number of pages	17
ISBN (Print)	9781475780161
DOIs	https://doi.org/10.1007/1-4020-8143-x_6
State	Published - 2004
Event	IFIP TC11 19th International Information Security Conference, SEC 2004 - Toulouse, France Duration: Aug 22 2004 → Aug 27 2004

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	147
ISSN (Print)	1868-4238

Other

Other	IFIP TC11 19th International Information Security Conference, SEC 2004
Country/Territory	France
City	Toulouse
Period	8/22/04 → 8/27/04

Keywords

Equational logic
Pointer taintedness
Program semanties
Security vulnerability
Static analysis

ASJC Scopus subject areas

Information Systems and Management

Online availability

10.1007/1-4020-8143-x_6

Library availability

Discover UIUC Full Text

Cite this

Chen, S., Pattabiraman, K., Kalbarczyk, Z., & Iyer, R. K. (2004). Formal reasoning of various categories of widely exploited security vulnerabilities using pointer taintedness semantics. In Security and Protection in Information Processing systems - IFIP 18th World Computer Congress, TC11 19th International Information Security Conference, SEC 2004 (pp. 83-99). (IFIP Advances in Information and Communication Technology; Vol. 147). Springer. https://doi.org/10.1007/1-4020-8143-x_6

Formal reasoning of various categories of widely exploited security vulnerabilities using pointer taintedness semantics. / Chen, Shuo; Pattabiraman, Karthik; Kalbarczyk, Zbigniew et al.
Security and Protection in Information Processing systems - IFIP 18th World Computer Congress, TC11 19th International Information Security Conference, SEC 2004. Springer, 2004. p. 83-99 (IFIP Advances in Information and Communication Technology; Vol. 147).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Chen, S, Pattabiraman, K, Kalbarczyk, Z & Iyer, RK 2004, Formal reasoning of various categories of widely exploited security vulnerabilities using pointer taintedness semantics. in Security and Protection in Information Processing systems - IFIP 18th World Computer Congress, TC11 19th International Information Security Conference, SEC 2004. IFIP Advances in Information and Communication Technology, vol. 147, Springer, pp. 83-99, IFIP TC11 19th International Information Security Conference, SEC 2004, Toulouse, France, 8/22/04. https://doi.org/10.1007/1-4020-8143-x_6

Chen S, Pattabiraman K, Kalbarczyk Z , Iyer RK. Formal reasoning of various categories of widely exploited security vulnerabilities using pointer taintedness semantics. In Security and Protection in Information Processing systems - IFIP 18th World Computer Congress, TC11 19th International Information Security Conference, SEC 2004. Springer. 2004. p. 83-99. (IFIP Advances in Information and Communication Technology). doi: 10.1007/1-4020-8143-x_6

Chen, Shuo ; Pattabiraman, Karthik ; Kalbarczyk, Zbigniew et al. / Formal reasoning of various categories of widely exploited security vulnerabilities using pointer taintedness semantics. Security and Protection in Information Processing systems - IFIP 18th World Computer Congress, TC11 19th International Information Security Conference, SEC 2004. Springer, 2004. pp. 83-99 (IFIP Advances in Information and Communication Technology).

@inproceedings{6bbbded2a82649a3becce2ebafe6f14f,

title = "Formal reasoning of various categories of widely exploited security vulnerabilities using pointer taintedness semantics",

abstract = "This paper is motivated by a low level analysis of various categories of severe security vulnerabilities, which indicates that a common characteristic of many c1asses of vulnerabilities is pointer taintedness. Apointer is said to be tainted if a user input can directly or indirectly be used as apointer value. In order to reason about pointer taintedness, a memory model is needed. The main contribution of this paper is the formal definition of a memory model using equational logic, which is used to reason about pointer taintedness. The reasoning is applied to several Iibrary fimctions to extract security preconditions, which must be satisfied to eliminate the possibility of pointer taintedness. The results show that pointer taintedness analysis can expose different c1asses of security vulnerabilities, such as format string, heap corruption and buffer overflow vulnerabilities, leading us to believe that pointer taintedness provides a unifying perspective for reasoning about security vulnerabilities.",

keywords = "Equational logic, Pointer taintedness, Program semanties, Security vulnerability, Static analysis",

author = "Shuo Chen and Karthik Pattabiraman and Zbigniew Kalbarczyk and Iyer, {Ravi K.}",

year = "2004",

doi = "10.1007/1-4020-8143-x_6",

language = "English (US)",

isbn = "9781475780161",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer",

pages = "83--99",

booktitle = "Security and Protection in Information Processing systems - IFIP 18th World Computer Congress, TC11 19th International Information Security Conference, SEC 2004",

address = "Germany",

note = "IFIP TC11 19th International Information Security Conference, SEC 2004 ; Conference date: 22-08-2004 Through 27-08-2004",

}

TY - GEN

T1 - Formal reasoning of various categories of widely exploited security vulnerabilities using pointer taintedness semantics

AU - Chen, Shuo

AU - Pattabiraman, Karthik

AU - Kalbarczyk, Zbigniew

AU - Iyer, Ravi K.

PY - 2004

Y1 - 2004

N2 - This paper is motivated by a low level analysis of various categories of severe security vulnerabilities, which indicates that a common characteristic of many c1asses of vulnerabilities is pointer taintedness. Apointer is said to be tainted if a user input can directly or indirectly be used as apointer value. In order to reason about pointer taintedness, a memory model is needed. The main contribution of this paper is the formal definition of a memory model using equational logic, which is used to reason about pointer taintedness. The reasoning is applied to several Iibrary fimctions to extract security preconditions, which must be satisfied to eliminate the possibility of pointer taintedness. The results show that pointer taintedness analysis can expose different c1asses of security vulnerabilities, such as format string, heap corruption and buffer overflow vulnerabilities, leading us to believe that pointer taintedness provides a unifying perspective for reasoning about security vulnerabilities.

AB - This paper is motivated by a low level analysis of various categories of severe security vulnerabilities, which indicates that a common characteristic of many c1asses of vulnerabilities is pointer taintedness. Apointer is said to be tainted if a user input can directly or indirectly be used as apointer value. In order to reason about pointer taintedness, a memory model is needed. The main contribution of this paper is the formal definition of a memory model using equational logic, which is used to reason about pointer taintedness. The reasoning is applied to several Iibrary fimctions to extract security preconditions, which must be satisfied to eliminate the possibility of pointer taintedness. The results show that pointer taintedness analysis can expose different c1asses of security vulnerabilities, such as format string, heap corruption and buffer overflow vulnerabilities, leading us to believe that pointer taintedness provides a unifying perspective for reasoning about security vulnerabilities.

KW - Equational logic

KW - Pointer taintedness

KW - Program semanties

KW - Security vulnerability

KW - Static analysis

UR - http://www.scopus.com/inward/record.url?scp=84902507067&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84902507067&partnerID=8YFLogxK

U2 - 10.1007/1-4020-8143-x_6

DO - 10.1007/1-4020-8143-x_6

M3 - Conference contribution

AN - SCOPUS:84902507067

SN - 9781475780161

T3 - IFIP Advances in Information and Communication Technology

SP - 83

EP - 99

BT - Security and Protection in Information Processing systems - IFIP 18th World Computer Congress, TC11 19th International Information Security Conference, SEC 2004

PB - Springer

T2 - IFIP TC11 19th International Information Security Conference, SEC 2004

Y2 - 22 August 2004 through 27 August 2004

ER -

Formal reasoning of various categories of widely exploited security vulnerabilities using pointer taintedness semantics

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this