An Integer Overflow Detection Method Based on Integer Variable Unification

doi:10.13190/jbupt.200806.90.193

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2008, Vol. 31 ›› Issue (6): 90-93.doi: 10.13190/jbupt.200806.90.193

• Reports • Previous Articles Next Articles

An Integer Overflow Detection Method Based on Integer Variable Unification

XU Guo-ai1, ZHANG Miao1, CHEN Ai-guo1, LI Zhong-xian2

(1. National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing 100876, China; 2. National Cybernet Security Limited, Tianjin 300052, China)

Received:2008-05-04 Revised:2008-09-11 Online:2008-12-31 Published:2008-12-31
Contact: XU Guo-ai

Abstract

Abstract:

Through analyzing the principium of integer overflow, an integer overflow detection method on software source code is proposed which is based on integer variable unification. We presented the integer variable unification method and defined three unified actions which were used in three given cases. Then the detection process was described, it simplified integer overflow flaw into mathematic inequalities, and removed the influence of context to the objective variable. Finally, instances were provided to demonstrate the effectiveness and practicability of the presented method.

Key words: integer overflow, static analysis, control flow analysis, information security

CLC Number:

TP309

XU Guo-ai1, ZHANG Miao1, CHEN Ai-guo1, LI Zhong-xian2

. An Integer Overflow Detection Method Based on Integer Variable Unification[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2008, 31(6): 90-93.

[1]	WANG Si-qi, MIAO Si-wei, ZHANG Xiao-ling, SHI Zhi-qiang, LU Xin-dai. Static Vulnerability Detection Technology for the Embedded Firmware Web Code Based on D-S Evidence Theory [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2019, 42(5): 91-99.
[2]	LEI Wei-jia, SHENG Jie, XIE Xian-zhong. Encoding and Decoding Scheme of Security-Enhanced LT Codes [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2016, 39(4): 108-113.
[3]	YANG Hong-yu, CHENG Xiang. Information System Risk Control Method Based on Work-Flow [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2016, 39(3): 105-109.
[4]	GE Hai-hui, ZHENG Shi-hui, CHEN Tian-ping, YANG Yi-xian. Fuzzy Risk Assessment of Information Security Threat Scenario [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2013, 36(6): 89-92,107.
[5]	Jin Da-Hai. Applications of PostFunction Information in Software Static Testing [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2010, 33(6): 103-106.
[6]	QIN Hua-wang;DAI Yue-wei;WANG Zhi-quan. Threshold Signature Scheme Based on the General Access Structure [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(6): 102-104.
[7]	LuZhenbang,ZHOU Bo. Hierarchical Risk Assessment Based on Shapley Entropies and Choquet Integrals [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(6): 83-87.
[8]	LEI Xin-Feng. Implement of Chinese-Wall Model Based on an Open Synthetical Security Model [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(3): 73-76.
[9]	Ya-wen WANG yunzhan gong qing xiao Yang Zhao-Hong. Variable Range Analysis Based on Interval Computation [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(3): 36-41.
[10]	YANG Zhao-hong1，2 ，GONG Yun-zhan1,2 ， XIAO Qing1，2 ，WANG Ya-wen1,2. A Defect Based Model Testing System [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2008, 31(5): 1-4.
[11]	LI Da-lin, LIN Xue-hong, LIN Jia-ru, WU Wei-ling. A Necessary Condition for Secure Network Coding [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2008, 31(5): 9-12.
[12]	TANG Yong-li1,2, XU Guo-ai1, NIU Xin-xin1, YANG Yi-xian1. Research on Information Security Risk Analysis Model Using Information Entropy [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2008, 31(2): 50-53.
[13]	LEI Xin-feng1, LIANG Ming-xiao2, LIU Jun1, XIAO Jun-mo1 . An Open Synthetical Security Model [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2008, 31(1): 18-21.
[14]	ZHAO He-ping. Application of Message Extension to Spacecraft Telecommand Data Protection [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2006, 29(6): 5-8.
[15]	DONG Wei, YANG YI-xian, NIU XIN-xin. Security Technology Research of GlobalPlatform Based on JavaSIM Card [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2006, 29(3): 91-94.

An Integer Overflow Detection Method Based on Integer Variable Unification

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments