Code reuse attacks have become one of the most popular exploitation techniques, and coarse-grained control flow integrity (CFI) is a practical approach used to prevent such attacks. Recently, some new approaches have been proposed to construct call-preceded-ROP attacks to bypass coarse-grained CFI; however, we find that they still fail to bypass shadow…
Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerabilities can be exploited by attackers to cause severe damage to computer systems. In this paper, we present the design and implementation of IntTracker, an efficient dynamic tracking technique for detecting IO2BO vulnerabilities in C/C++ programs. IntTracker utilizes a static taint analysis to…
Concolic testing is a popular method based on symbolic execution and constraint solving, designed for security testing of applications. Unfortunately, the current effectiveness of concolic testing tools is limited when testing large applications due to the enormous number of control paths and limited budget. In this paper, we introduce selective symbolic…
Integer overflow (IO) vulnerabilities can be exploited by attackers to compromise computer systems. In the meantime, IOs can be used intentionally by programmers for benign purposes such as hashing and random number generation. Hence, differentiating exploitable and harmful IOs from intentional and benign ones is an important challenge. It allows…
Several protocols have been proposed to defend against wormhole attacks in sensor networks by adopting cryptographic methods, packet leashes, directional antennas, or visualization, etc. In this paper, we propose a local energy-efficient method to detect wormhole attacks. This method can be applied in sensor networks with metric-based routing protocols and…
Fork-based symbolic execution would waste large amounts of computing time and resources on invulnerable paths when applied to vulnerability detection. In this paper, we propose a statically-guided fork-based symbolic execution technique for vulnerability detection to mitigate this problem. In static analysis, we collect all valid jumps along vulnerable…
With the world population increasing rapidly, the conflicts between the population and limited resources have become more and more severe. Population growth is a root cause of many environmental and social problems. Therefore, it is of vital importance to make population predictions. However, predictions based on the standard cohort-component method fail to…