PDVDS: A Pattern-Driven Software Vulnerability Detection System

Bibliographic Details
Published in: 2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, pp. 536-541
Main Authors: Shaoyin Cheng, Jinding Wang, Jiajie Wang, Jun Yang, Fan Jiang
Format: Conference Proceeding
Language: English
Published: IEEE, 01.12.2010
Summary: The automatic detection of security vulnerabilities in binary programs is challenging and lacks efficient tools. Current research and tools are mostly restricted to a specific platform and environment, which makes it difficult to detect all kinds of vulnerabilities with a unified approach. Moreover, existing methods need many manual operations and rely on the experience of researchers. This paper presents a cross-platform system for automatic software vulnerability detection based on a uniform intermediate representation. It supports many platforms, including x86, PowerPC and ARM. The system lifts underlying instructions from several platforms to the intermediate representation. A platform-independent analysis method is implemented on the intermediate representation by static analysis. It also uses a vulnerability pattern driver extracted from experience and knowledge to drive the automatic vulnerability detection during the analysis. The system, called PDVDS, has been realized. We have evaluated its effectiveness by validating many known vulnerabilities and detecting three zero-day vulnerabilities.
ISBN: 1424497191, 9781424497195
DOI: 10.1109/EUC.2010.88