Multiplatform Use-After-Free and Double-Free Detection in Binaries *

Authors

  • Grigor S. Keropyan, Ivannikov Institute for System Programming of the RAS
  • Vahagn G. Vardanyan, Ivannikov Institute for System Programming of the RAS
  • Hayk K. Aslanyan, Ivannikov Institute for System Programming of the RAS
  • Shamil F. Kurmangaleev, Ivannikov Institute for System Programming of the RAS
  • Sergey S. Gaissaryan, Ivannikov Institute for System Programming of the RAS

Keywords:

Binary static analysis, Use-after-free, Dangling pointer detection

Abstract

Use-after-free (UAF) defects are a class of memory corruption bugs that occur when a program continues to use a pointer after the memory it points to has been freed. Double-free (DF) defects arise when the same memory is freed more than once. The developed platform is capable of analyzing binaries for several architectures (x86, x86-64, MIPS, PowerPC, ARM) and is based on a static program analysis approach. For analysis, the program is represented by a machine-independent System Dependence Graph (SDG), which combines the call graph and the control and data flow graphs of the program. The tool consists of two main components: SDG generation and analysis of the obtained SDG. SDG generation is implemented using the IDA Pro [1] disassembler and the BinNavi [2] static analysis platform. Experimental results demonstrate the scalability and effectiveness of the developed framework. The tool has been tested on several test suites, such as Juliet [3], and has also detected a number of well-known bugs in real-world projects.
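As an added illustration of the kind of flow-sensitive analysis the abstract describes (constructed example code, not the paper's IDA/BinNavi-based tool), the following Python runs a worklist may-analysis over a small hand-built control flow graph and reports a free or a use of a pointer that may already have been freed on some path. The real tool works over a whole-program SDG; here the graph, the instruction forms and the node ids are all assumptions of the example.

```python
from collections import deque

ALLOCATED, FREED = "allocated", "freed"

def analyze(cfg, entry):
    """Flow-sensitive may-analysis over a CFG.

    cfg maps node id -> (instruction, list of successor ids); an instruction is
    ("alloc", ptr), ("free", ptr), ("use", ptr) or ("nop",).  For each pointer
    the set of states it may be in at a node is tracked; a free (use) of a
    pointer that may already be freed is a double-free (use-after-free).
    Returns a sorted list of (kind, node_id, ptr)."""
    in_state = {n: {} for n in cfg}          # facts holding on entry to a node
    findings, visited = set(), set()
    worklist = deque([entry])
    while worklist:
        n = worklist.popleft()
        visited.add(n)
        instr, succs = cfg[n]
        state = {p: set(s) for p, s in in_state[n].items()}
        if instr[0] != "nop":
            op, p = instr
            if op == "free" and FREED in state.get(p, ()):
                findings.add(("double-free", n, p))
            if op == "use" and FREED in state.get(p, ()):
                findings.add(("use-after-free", n, p))
            if op == "alloc":
                state[p] = {ALLOCATED}         # fresh allocation kills the freed fact
            elif op == "free":
                state[p] = {FREED}
        for s in succs:                        # propagate; the merge is set union
            changed = False
            for p, facts in state.items():
                before = in_state[s].setdefault(p, set())
                if not facts <= before:
                    before |= facts
                    changed = True
            if changed or s not in visited:
                worklist.append(s)
    return sorted(findings)

# Constructed CFG for a snippet like:  p = malloc(); if (c) free(p); use(p); free(p);
CFG = {
    1: (("alloc", "p"), [2]),
    2: (("nop",), [3, 4]),          # conditional branch
    3: (("free", "p"), [4]),        # free on one path only
    4: (("use", "p"), [5]),         # p may be freed here
    5: (("free", "p"), []),         # p may already be freed here
}

# Constructed safe variant: freed, then re-allocated before the use.
SAFE_CFG = {
    1: (("alloc", "p"), [2]),
    2: (("free", "p"), [3]),
    3: (("alloc", "p"), [4]),
    4: (("use", "p"), [5]),
    5: (("free", "p"), []),
}
```

Running `analyze(CFG, 1)` reports a use-after-free at node 4 and a double-free at node 5, while `analyze(SAFE_CFG, 1)` reports nothing because the second allocation kills the freed fact.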

References

[1] [Online]. Available: www.hex-rays.com/products/ida

[2] [Online]. Available: www.zynamics.com/binnavi.html

[3] [Online]. Available: www.samate.nist.gov/SRD/testsuite.php

[4] N. Nethercote, "Dynamic Binary Analysis and Instrumentation," PhD dissertation, University of Cambridge, 2004.

[5] [Online]. Available: www.cppcheck.sourceforge.net

[6] [Online]. Available: www.mathworks.com/training-schedule/polyspace-code-prover-for-cccode-verification.html

[7] P. Cuoq, F. Kirchner, N. Kosmatov, V. Prevosto, J. Signoles and B. Yakobowski, "Frama-C: a software analysis perspective," SEFM, pp. 233-247, 2012.

[8] W. Xu, D. C. DuVarney and R. Sekar, "An efficient and backwards-compatible transformation to ensure memory safety of C programs," ACM SIGSOFT Software Engineering Notes, vol. 29, pp. 117-126, 2004.

[9] J. Caballero, G. Grieco, M. Marron and A. Nappa, "Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities," Proceedings of the 2012 International Symposium on Software Testing and Analysis, pp. 133-143, 2012.

[10] B. Lee, C. Song, Y. Jang and T. Wang, "Preventing Use-after-free with Dangling Pointers Nullification," in NDSS Symposium 2015, pp. 17-32, 2015.

[11] J. Feist, L. Mounier and M.-L. Potet, "Statically detecting use after free on binary code," Journal of Computer Virology and Hacking Techniques, vol. 10, no. 3, pp. 211-217, 2014.

[12] S. Cesare, "Detecting bugs using decompilation and data flow analysis," in Black Hat USA, 2013.

[13] D. Dewey, B. Reaves and P. Traynor, "Uncovering Use-After-Free Conditions in Compiled Code," in 10th International Conference on Availability, Reliability and Security, 2015.

[14] [Online]. Available: www.zynamics.com/binnavi/manual/html/reil_language.htm

Published

2021-12-10

How to Cite

Keropyan, G. S., Vardanyan, V. G., Aslanyan, H. K., Kurmangaleev, S. F., & Gaissaryan, S. S. (2021). Multiplatform Use-After-Free and Double-Free Detection in Binaries *. Mathematical Problems of Computer Science, 48, 50–56. Retrieved from http://mpcs.sci.am/index.php/mpcs/article/view/121