Research Article
State Consistency Checking for Non-reentrant Function Based on Taint Assisted Symbol Execution
@INPROCEEDINGS{10.1007/978-3-030-21373-2_40,
  author={Bo Yu and Qiang Yang and CongXi Song},
  title={State Consistency Checking for Non-reentrant Function Based on Taint Assisted Symbol Execution},
  proceedings={Security and Privacy in New Computing Environments. Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13--14, 2019, Proceedings},
  proceedings_a={SPNCE},
  year={2019},
  month={6},
  keywords={Binary program State consistency Non-reentrant function Taint analysis Symbol execution},
  doi={10.1007/978-3-030-21373-2_40}
}
- Bo Yu
- Qiang Yang
- CongXi Song
Year: 2019
SPNCE
Springer
DOI: 10.1007/978-3-030-21373-2_40
Abstract
Non-reentrant functions are commonly used in multi-threaded programs, such as network services and other event-driven programs, to reserve some global states in a concurrent context. However, calling non-reentrant functions may introduce several kinds of dangerous pointer dereference faults and lead to serious consequences such as program vulnerabilities. To address this, this paper presents an approach to checking state consistency for non-reentrant functions based on taint analysis and symbolic execution. The proposed method records the program's taint states and traces the data flow during symbolic execution, where rules are specified to check state consistency and detect exceptions such as null pointer reference, pointer double free and pointer use-after-free. We implement a proof-of-concept system, SC2NRF, based on the symbolic execution framework . Further experiments show that our approach is able to effectively check the state consistency of non-reentrant functions in binary programs.