Stale pointers are the new black
- Type
- Slides
- Tags
- reverse engineering, static analysis, vulnerability
- Authors
- Giovanni Gola, Vincenzo Iozzo
- Event
- Black Hat DC 2011
- Indexed on
- Mar 27, 2013
- URL
- https://media.blackhat.com/bh-dc-11/Iozzo-Gola/BlackHat_DC_2011_Iozzo-Gola_Stale_Pointers-Slides.pdf
- File name
- BlackHat_DC_2011_Iozzo-Gola_Stale_Pointers-Slides.pdf
- File size
- 2.6 MB
- MD5
- 96ea8b522b7bf3adbde11b3367a3cfe6
- SHA1
- 9b7eaee967062053bace608103ab55092df705f8
Memory corruption bugs such as dangling pointers, double frees and uninitialized memory are some of the open issues in application security. Finding dangling pointers and similar vulnerabilities in large code bases it's arguably more difficult than overflows because of the complexity and heterogeneity of applications memory management. Fuzzing has been proved to be an effective method for finding such bugs in browsers and other similar COTS applications, nonetheless it's not uncommon to see bugs found by fuzzers burned after a short period of time because of multiple rediscovery of the same vulnerabilities. In this talk the challenges of finding such bugs with static analysis and the results we got will be discussed, specifically we will explore the algorithms and techniques borrowed from program analysis and graph theory that can be employed to achieve our goal. We will also discuss what improvements can be made in order to increase precision and reduce the number of false positives.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
