HAL will be down for maintenance from Friday, June 10 at 4pm through Monday, June 13 at 9am. More information
Skip to Main content Skip to Navigation
Journal articles

VYPER: Vulnerability detection in binary code

Abstract : This paper presents a method for exploitable vulnerabilities detection in binary code with almost no false positives. It is based on the concolic (a mix of concrete and symbolic) execution of software binary code and the annotation of sensitive memory zones of the corresponding program traces (represented in a formal manner). Three big families of vulnerabilities are considered (taint related, stack overflow, and heap overflow). Based on the angr framework as a supporting software VulnerabilitY detection based on dynamic behavioral PattErn Recognition was developed to demonstrate the viability of the method. Several test cases using custom code, Juliet test base and widely used public libraries were performed showing a high detection potential for exploitable vulnerabilities with a very low rate of false positives
Complete list of metadata

https://hal.archives-ouvertes.fr/hal-02485434
Contributor : Sergey Verlan Connect in order to contact the contributor
Submitted on : Monday, January 31, 2022 - 8:22:28 PM
Last modification on : Thursday, February 10, 2022 - 4:49:26 PM
Long-term archiving on: : Sunday, May 1, 2022 - 8:00:29 PM

File

vyperV1 (1).pdf
Files produced by the author(s)

Identifiers

Collections

Citation

El Habib Boudjema, Sergey Verlan, Lynda Mokdad, Christèle Faure. VYPER: Vulnerability detection in binary code. Security and Privacy , Wiley, 2019, 3 (2), pp.e100. ⟨10.1002/spy2.100⟩. ⟨hal-02485434⟩

Share

Metrics

Record views

56

Files downloads

27