Finding Vulnerabilities in Binary Codes Using Tainting/Fuzzing Analysis

Hwang, Seong Oun

doi:10.1007/978-3-642-32692-9_36

Seong Oun Hwang⁵

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 310))

Included in the following conference series:

International Conference on Hybrid Information Technology

1148 Accesses

Abstract

Recently, cyber attacks on clients and servers have rapidly increased. Most of these attacks have exploited the underlying vulnerabilities in the target software. Unfortunately, identifying and correcting these vulnerabilities has become extremely difficult and time consuming since (1) most security analyses are based on hard to understand binary representation of the software, (2) most binary codes are too large to be analyzed by a human being, and (3) most software updates or patches are done either regularly or frequently, each of which requires security analysis. Therefore, what we need is a more efficient approach to software security analysis. In response to this concern, experts are now examining tainting and fuzzing techniques as viable alternatives to improve software security. In this article, we present an efficient method for software security analysis using tainting and fuzzing techniques.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Veracode, State of software security report, vol. 3, http://www.veracode.com
SANS, CWE/SANS TOP 25 Most Dangerous Software Errors (2011), http://www.sans.org/top25-software-errors
Sutton, M., Greene, A., Amini, P.: Fuzzing Brute Force Vulnerability Discovery. Addison-Wesley (2008)
Google Scholar
Edgar, B.: Taint Analysis. In: Hackers to Hackers Conference (2009)
Google Scholar
IDA Pro, http://www.hexblog.com
Corelan, In Memory Fuzzing (2010), http://www.corelan.be/index.php/2010/10/20/in-memory-fuzzing
Pydbg, http://pedram.redhive.com/PaiMei/docs/PyDbg
Pin, http://www.pintool.org
DynamoRio, http://www.dynamorio.org
Bitblaze, http://bitblaze.cs.berkeley.edu

Download references

Author information

Authors and Affiliations

Department of Computer and Information Communications Engineering, Hongik University, Korea
Seong Oun Hwang

Authors

Seong Oun Hwang
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Computer Engineering, Hannam University, 70 Hannamro, Daedeuk-gu, Daejeon, Korea
Geuk Lee
Computer Science and Information Systems, University of Limerick, Limerick, Ireland
Daniel Howard
University of Warsaw and Infobright Inc., Poland
Dominik Ślęzak
School of Information and Communication Engineering, Sang JI University, Wonju, Kangwon, Korea
You Sik Hong

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Hwang, S.O. (2012). Finding Vulnerabilities in Binary Codes Using Tainting/Fuzzing Analysis. In: Lee, G., Howard, D., Ślęzak, D., Hong, Y.S. (eds) Convergence and Hybrid Information Technology. ICHIT 2012. Communications in Computer and Information Science, vol 310. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32692-9_36

Download citation

DOI: https://doi.org/10.1007/978-3-642-32692-9_36
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32691-2
Online ISBN: 978-3-642-32692-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics