DOI: 10.1145/1453101.1453137 (research article, ACM conference proceedings)

Marple: a demand-driven path-sensitive buffer overflow detector

Published: 09 November 2008

Abstract

Despite increasing efforts in detecting and managing software security vulnerabilities, the number of security attacks is still rising every year. As software becomes more complex, security vulnerabilities are more easily introduced into a system and more difficult to eliminate. Even though buffer overflow detection has been studied for more than 20 years, it is still the most commonly exploited vulnerability. In this paper, we develop a static analyzer for detecting and helping diagnose buffer overflows with the key idea of categorizing program paths as they relate to vulnerability. We combine path-sensitivity with a demand-driven analysis for precision and scalability. We first develop a vulnerability model for buffer overflow and then use the model in the development of the demand-driven path-sensitive analyzer. We detect and identify categories of paths including infeasible, safe, vulnerable, overflow-input-independent and don't-know. The categorization enables priorities to be set when searching for root causes of vulnerable paths. We implemented our analyzer, Marple, and compared its performance with existing tools. Our experiments show that Marple is able to detect buffer overflows that other tools cannot, and being path-sensitive with prioritization, Marple produces only 1 false positive out of 72 reported overflows. We also show that Marple scales to 570,000 lines of code, the largest benchmark we had.
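As an added illustration of the five path categories the abstract names (this is not Marple's implementation, which the page does not show): a toy classifier over a constructed straight-line path model in which every quantity depends on a single bounded untrusted integer input n. The input bound, the reading of "overflow on every feasible input" as the overflow-input-independent category, and the triage priority order are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Constructed toy path model (not Marple's intermediate representation): a path is
# the set of branch outcomes taken on the way to one buffer write, with every
# quantity expressed as a function of a single untrusted integer input n.
INPUT_DOMAIN = range(0, 256)   # assumed bound on the untrusted input (e.g. a length byte)


@dataclass
class Path:
    name: str
    buf_size: int                                   # bytes available in the destination buffer
    conditions: List[Callable[[int], bool]]         # branch conditions that hold along the path
    write_len: Optional[Callable[[int], int]]       # bytes written; None = analysis could not resolve it


def classify(path: Path) -> str:
    """Assign one of the five categories named in the abstract to a path."""
    feasible = [n for n in INPUT_DOMAIN if all(cond(n) for cond in path.conditions)]
    if not feasible:
        return "infeasible"                         # branch conditions contradict each other
    if path.write_len is None:
        return "dont-know"                          # e.g. length comes from an unmodelled call
    overflowing = [n for n in feasible if path.write_len(n) > path.buf_size]
    if not overflowing:
        return "safe"                               # no feasible input exceeds the buffer
    if len(overflowing) == len(feasible):
        return "overflow-input-independent"         # overflows for every feasible input (assumed reading)
    return "vulnerable"                             # overflows for some, but not all, inputs


# Assumed triage order: which categories deserve a reviewer's attention first.
PRIORITY = {
    "overflow-input-independent": 0,
    "vulnerable": 1,
    "dont-know": 2,
    "safe": 3,
    "infeasible": 4,
}


def triage(paths: List[Path]) -> List[Tuple[str, str]]:
    """Return (path name, category) pairs ordered by the assumed priority."""
    labelled = [(p.name, classify(p)) for p in paths]
    return sorted(labelled, key=lambda item: PRIORITY[item[1]])


# Constructed sample paths through an imaginary parser writing into a 64-byte buffer.
SAMPLE_PATHS = [
    Path("checked-copy",   64, [lambda n: n <= 64],                   lambda n: n),
    Path("unchecked-copy", 64, [],                                    lambda n: n),
    Path("fixed-header",   64, [],                                    lambda n: 128),
    Path("dead-branch",    64, [lambda n: n > 100, lambda n: n < 50], lambda n: n),
    Path("opaque-length",  64, [lambda n: n <= 64],                   None),
]

if __name__ == "__main__":
    for name, category in triage(SAMPLE_PATHS):
        print(f"{category:28} {name}")
```

The enumeration over INPUT_DOMAIN stands in for the constraint solving a real analyzer would do; the point the example makes is the decision structure: feasibility is settled before the write is examined, an unresolved write length is reported as don't-know rather than silently dropped, and the resulting label is what decides how early a human looks at the path.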



Published In

SIGSOFT '08/FSE-16: Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering, November 2008, 369 pages. ISBN: 9781595939951. DOI: 10.1145/1453101.

Publisher

Association for Computing Machinery, New York, NY, United States


Acceptance Rate

Overall acceptance rate: 17 of 128 submissions (13%)

Cited By

  • (2024) Precise Compositional Buffer Overflow Detection via Heap Disjointness. Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 63-75. DOI: 10.1145/3650212.3652110. Online publication date: 11 Sep 2024.
  • (2024) BOSS: A dataset to train ML-based systems to repair programs with out-of-bounds write flaws. Proceedings of the 5th ACM/IEEE International Workshop on Automated Program Repair, pp. 26-33. DOI: 10.1145/3643788.3648013. Online publication date: 20 Apr 2024.
  • (2023) A Smart Status Based Monitoring Algorithm for the Dynamic Analysis of Memory Safety. ACM Transactions on Software Engineering and Methodology. DOI: 10.1145/3637227. Online publication date: 11 Dec 2023.
  • (2023) A Source-Level Instrumentation Framework for the Dynamic Analysis of Memory Safety. IEEE Transactions on Software Engineering 49(4), pp. 2107-2127. DOI: 10.1109/TSE.2022.3210580. Online publication date: 1 Apr 2023.
  • (2022) Precise divide-by-zero detection with affirmative evidence. Proceedings of the 44th International Conference on Software Engineering, pp. 1718-1729. DOI: 10.1145/3510003.3510066. Online publication date: 21 May 2022.
  • (2022) An Effective Buffer Overflow Detection With Super Data-Flow Graphs. 2022 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom), pp. 684-691. DOI: 10.1109/ISPA-BDCloud-SocialCom-SustainCom57177.2022.00093. Online publication date: Dec 2022.
  • (2021) Exploitation Analysis of Buffer Overflow in SL-Mail Server. 2021 Fifth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), pp. 1361-1370. DOI: 10.1109/I-SMAC52330.2021.9640767. Online publication date: 11 Nov 2021.
  • (2020) Conquering the extensional scalability problem for value-flow analysis frameworks. Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, pp. 812-823. DOI: 10.1145/3377811.3380346. Online publication date: 27 Jun 2020.
  • (2020) Prober. Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering, pp. 1116-1128. DOI: 10.1145/3324884.3416533. Online publication date: 21 Dec 2020.
  • (2020) Automatic Buffer Overflow Warning Validation. Journal of Computer Science and Technology 35(6), pp. 1406-1427. DOI: 10.1007/s11390-020-0525-z. Online publication date: 30 Nov 2020.
