BRICK: A Binary Tool for Run-Time Detecting and Locating Integer-Based Vulnerability

Ping Chen, Yi Wang, Zhi Xin, Bing Mao, Li Xie
Published in: 2009 International Conference on Availability, Reliability and Security
Publication date: 2009-03-16
DOI: 10.1109/ARES.2009.77 (https://doi.org/10.1109/ARES.2009.77)
Citation count: 38

Abstract

Integer-based vulnerabilities are an extremely serious class of bug in programs written in languages such as C/C++. In practice, however, very few software security tools can efficiently detect and accurately locate such vulnerabilities. In addition, previous methods mainly depend on source code analysis and recompilation, which are impractical when protecting a program without source code. In this paper, we present the design, implementation, and evaluation of BRICK (Binary Run-time Integer-based vulnerability Checker), a tool for detecting and locating integer-based vulnerabilities at run time. Given an integer-based vulnerability exploit, BRICK catches the value that falls outside the range of its corresponding type, then finds the root cause of the vulnerability, and finally locates the vulnerable code and gives a warning, based on its checking scheme. BRICK is implemented on the dynamic binary instrumentation framework Valgrind and its type inference plug-in, Catchconv. Preliminary experimental results are quite promising: BRICK can detect and locate most integer-based vulnerabilities in real software, with very few false positives and false negatives.