Security and Privacy in New Computing Environments. Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13–14, 2019, Proceedings

Research Article

State Consistency Checking for Non-reentrant Function Based on Taint Assisted Symbol Execution

  • @INPROCEEDINGS{10.1007/978-3-030-21373-2_40,
        author={Bo Yu and Qiang Yang and CongXi Song},
        title={State Consistency Checking for Non-reentrant Function Based on Taint Assisted Symbol Execution},
        proceedings={Security and Privacy in New Computing Environments. Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13--14, 2019, Proceedings},
        proceedings_a={SPNCE},
        year={2019},
        month={6},
        keywords={Binary program, State consistency, Non-reentrant function, Taint analysis, Symbol execution},
        doi={10.1007/978-3-030-21373-2_40}
    }
    
  • Bo Yu
    Qiang Yang
    CongXi Song
    Year: 2019
    State Consistency Checking for Non-reentrant Function Based on Taint Assisted Symbol Execution
    SPNCE
    Springer
    DOI: 10.1007/978-3-030-21373-2_40
Bo Yu1, Qiang Yang1,*, CongXi Song1
  • 1: National University of Defense Technology
*Contact email: 290149807@qq.com

Abstract

Non-reentrant functions are commonly used in multi-threaded programs, such as network services and other event-driven programs, to reserve some global states in a concurrent context. However, calling non-reentrant functions may introduce several kinds of dangerous pointer dereference faults and lead to serious consequences such as program vulnerabilities. To address this, this paper presents an approach to checking state consistency for non-reentrant functions based on taint analysis and symbolic execution. The proposed method records the program's taint states and traces the data flow during symbolic execution, where rules are specified to check state consistency and exceptions such as null pointer dereference, pointer double free and pointer use-after-free. We implement a proof-of-concept system, SC2NRF, based on the symbolic execution framework . Further experiments show that our approach is able to effectively check state consistency of non-reentrant functions in binary programs.