• China Premium Science and Technology Journal
  • CCF Recommended Class A Chinese Journal
  • High-Quality Science and Technology Journal in Computing, Tier T1
Hu Chaojian, Li Zhoujun, Guo Tao, Shi Zhiwei. Detecting the Vulnerability Pattern of Writing Tainted Value to Tainted Address[J]. Journal of Computer Research and Development, 2011, 48(8): 1455-1463.

Detecting the Vulnerability Pattern of Writing Tainted Value to Tainted Address

  • Published Date: August 14, 2011
  • Device drivers are low-level programs that let higher-level programs interact with hardware devices. Because drivers execute in kernel mode, vulnerabilities in device drivers are commonly more devastating than those in applications. "Writing tainted value to tainted address" is a vulnerability pattern that occurs frequently in Windows device drivers: a single store uses both a destination address and a value that derive from untrusted (user-controlled) input, which hands an attacker an arbitrary write into kernel memory. In this paper we are the first to describe this vulnerability pattern explicitly, present a systematic method for detecting it automatically in binary Windows device drivers, and implement the method in a prototype tool called T2T-B2C. The method is based on decompilation and static taint analysis. Unlike other methods, ours can analyze native binary code as well as C code. Accordingly, T2T-B2C consists of two components, T2T and B2C. B2C first translates binary files into C files by decompiling them; T2T then applies static taint analysis to the C code produced by B2C to detect the vulnerable statement, i.e. one that writes a tainted value to a tainted address. We evaluated T2T-B2C on the binary device drivers of several Windows anti-virus products and found 6 previously unknown vulnerabilities. The results show that T2T-B2C is a practical vulnerability detection tool that scales to large programs.
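As an added illustration of the detection step the abstract describes (this is example code written for this page, not the paper's T2T-B2C tool or any driver's code), the Python sketch below runs a forward taint propagation over a constructed, C-like statement sequence and flags every store whose address and value both derive from the IOCTL input. The toy statement language, the `IOCTL_INPUT` source name, the `LOCAL_BUFFER` identifier and the `probe(x)` sanitizer (standing in for a ProbeForWrite-style validation) are assumptions of this example; the paper's tool works on decompiled C with pointer handling that this sketch omits.

```python
from __future__ import annotations
import re
from typing import Iterable

# Toy three-address, C-like statement language standing in for the C that a
# decompiler emits (constructed for this example; not the paper's B2C output):
#   x = SRC          SRC in TAINT_SOURCES marks x as tainted
#   x = expr         x becomes tainted iff some identifier in expr is tainted
#   *x = expr        store through x; the T2T pattern is x tainted AND expr tainted
#   probe(x)         assumed sanitizer modelling a ProbeForWrite-style check on x
TAINT_SOURCES = {"IOCTL_INPUT"}   # e.g. the user buffer of a METHOD_NEITHER IOCTL

IDENT = re.compile(r"[A-Za-z_]\w*")
PROBE = re.compile(r"^probe\((\w+)\)$")
STORE = re.compile(r"^\*(\w+)\s*=\s*(.+)$")
ASSIGN = re.compile(r"^(\w+)\s*=\s*(.+)$")


def _expr_tainted(expr: str, tainted: set[str]) -> bool:
    """An expression is tainted if any identifier in it is tainted or a source."""
    return any(i in tainted or i in TAINT_SOURCES for i in IDENT.findall(expr))


def find_t2t(statements: Iterable[str]) -> list[tuple[int, str, str]]:
    """Straight-line forward taint propagation.

    Returns (line_no, kind, statement) for every store through a tainted
    pointer: kind 'T2T' when the stored value is tainted too (the paper's
    pattern: the attacker chooses both where and what is written), 'TADDR'
    when only the address is tainted (the attacker chooses where, not what).
    """
    tainted: set[str] = set()
    findings: list[tuple[int, str, str]] = []
    for n, raw in enumerate(statements, 1):
        stmt = raw.split(";", 1)[0].strip()      # drop trailing ';' comments
        if not stmt:
            continue
        if m := PROBE.match(stmt):
            tainted.discard(m.group(1))          # validated pointer is no longer tainted
        elif m := STORE.match(stmt):
            addr, val = m.group(1), m.group(2)
            if addr in tainted:
                kind = "T2T" if _expr_tainted(val, tainted) else "TADDR"
                findings.append((n, kind, stmt))
        elif m := ASSIGN.match(stmt):
            dst, expr = m.group(1), m.group(2)
            if _expr_tainted(expr, tainted):
                tainted.add(dst)
            else:
                tainted.discard(dst)             # overwritten with untainted data
        else:
            raise ValueError(f"line {n}: unsupported statement {stmt!r}")
    return findings


# Constructed sample modelled on an IOCTL handler that trusts its input buffer
# (not taken from any real driver).
SAMPLE = [
    "buf = IOCTL_INPUT   ; whole input buffer is attacker-controlled",
    "p = buf[0]          ; destination pointer read from the buffer",
    "v = buf[1]          ; value read from the buffer",
    "*p = v              ; T2T: arbitrary kernel write-what-where",
    "k = 0",
    "*p = k              ; only the address is tainted",
    "out = LOCAL_BUFFER  ; driver-owned memory, untainted",
    "*out = v            ; tainted value to untainted address: not the pattern",
    "probe(p)            ; ProbeForWrite-style validation (modelled as a sanitizer)",
    "*p = v              ; same store after validation: not reported",
]

if __name__ == "__main__":
    for line, kind, stmt in find_t2t(SAMPLE):
        print(f"line {line}: {kind}: {stmt}")
```

Stores with a tainted address but an untainted value are reported separately as `TADDR` because an attacker-chosen destination with a fixed value is still a write-where primitive worth reviewing. Clearing the address taint at `probe(p)` is a modelling choice: in a real driver the equivalent is validating user-mode pointers with ProbeForWrite inside a `__try`/`__except` block before dereferencing them, and a production analysis would also need alias information (two names for the same buffer) that this straight-line sketch does not track.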
