Basser Seminar Series

Practical and Effective Symbolic Analysis for Buffer Overflow Detection

Speaker: Dr Lian Li
Sunlabs, Oracle

Time: Friday 23 April 2010, 4:00-5:00pm
Refreshments will be available from 3:30pm

Location: The University of Sydney, School of IT Building, Lecture Theatre (Room 123), Level 1


Abstract

Buffer overflows are the most common source of security vulnerabilities in system code. Different approaches using symbolic analysis have been proposed to find these vulnerabilities. However, existing symbolic analysis techniques are either too complex to scale to millions of lines of code (LOC), or too simple to effectively handle loops and complex program structures.

In this talk, I will introduce a new symbolic analysis algorithm for buffer overflow detection. Compared to previous work, we apply a simple rule to select related control and data dependencies and precisely solve the selected dependencies in computing the symbolic value of a variable. Experimental results suggest that the approach is practical and effective. The analysis runs over 8.6 million LOC of the ON codebase in 11 minutes and is able to find hundreds of buffer overflows with a false positive rate of less than 10%.
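The abstract describes the approach only at a high level: compute a symbolic value for each index variable from the data dependencies (assignments) and the control dependencies (branch guards, loop bounds) that affect it, then compare that value against the buffer size. The following is an added illustration written for this page, not Parfait's code or the algorithm presented in the talk. It assumes a toy intermediate representation (`decl`, `assign`, `if`, `for`, `access` tuples), abstracts each variable to a symbolic interval rather than a full symbolic expression, and analyses a bounded `for` body once with the loop variable fixed to its bound range; the sample program and its tags (`A1`..`A4`) are constructed.

```python
"""Toy interval-based symbolic analysis for buffer-overflow detection.

Added illustration (not Parfait's implementation): integer variables are
tracked as intervals, assignments propagate data dependencies, if-guards and
bounded loops contribute control dependencies that narrow the interval, and
every buffer access is checked against the declared buffer size.
"""
import math
from typing import Dict, List, Optional, Tuple

INF = math.inf
Interval = Tuple[float, float]
Env = Dict[str, Interval]
NEGATE = {'<': '>=', '<=': '>', '>': '<=', '>=': '<'}


def eval_expr(expr, env: Env) -> Interval:
    """Expressions are int constants, variable names, or ('+'|'-', left, right)."""
    if isinstance(expr, int):
        return (expr, expr)
    if isinstance(expr, str):
        return env.get(expr, (-INF, INF))        # unknown input: unconstrained
    op, a, b = expr
    (alo, ahi), (blo, bhi) = eval_expr(a, env), eval_expr(b, env)
    if op == '+':
        return (alo + blo, ahi + bhi)
    if op == '-':
        return (alo - bhi, ahi - blo)
    raise ValueError("unsupported operator %r" % op)


def narrow(env: Env, var: str, op: str, rhs) -> Optional[Env]:
    """Control dependency: refine `var` assuming `var op rhs` holds.
    Returns None when the guard can never hold (branch unreachable)."""
    lo, hi = env.get(var, (-INF, INF))
    rlo, rhi = eval_expr(rhs, env)
    if op == '<':
        hi = min(hi, rhi - 1)
    elif op == '<=':
        hi = min(hi, rhi)
    elif op == '>':
        lo = max(lo, rlo + 1)
    elif op == '>=':
        lo = max(lo, rlo)
    if lo > hi:
        return None
    new = dict(env)
    new[var] = (lo, hi)
    return new


def join(a: Optional[Env], b: Optional[Env]) -> Optional[Env]:
    """Merge two paths: per-variable interval union; unreachable paths vanish."""
    if a is None:
        return b
    if b is None:
        return a
    out = {}
    for v in set(a) | set(b):
        alo, ahi = a.get(v, (-INF, INF))
        blo, bhi = b.get(v, (-INF, INF))
        out[v] = (min(alo, blo), max(ahi, bhi))
    return out


def analyze(stmts, env: Optional[Env], sizes: Dict[str, int], findings: List[dict]) -> Optional[Env]:
    """Walk the toy IR, recording every access whose index may leave [0, size-1]."""
    for st in stmts:
        if env is None:                          # dead code: nothing to check
            return None
        kind = st[0]
        if kind == 'decl':                       # ('decl', buf, size)
            sizes[st[1]] = st[2]
        elif kind == 'assign':                   # ('assign', var, expr): data dependency
            env = dict(env)
            env[st[1]] = eval_expr(st[2], env)
        elif kind == 'if':                       # ('if', (var, op, rhs), then, else)
            var, op, rhs = st[1]
            then_env = narrow(env, var, op, rhs)
            else_env = narrow(env, var, NEGATE[op], rhs)
            then_env = analyze(st[2], then_env, sizes, findings)
            else_env = analyze(st[3], else_env, sizes, findings)
            env = join(then_env, else_env)
        elif kind == 'for':                      # ('for', var, lo, hi, body): var in [lo, hi-1]
            var, lo_e, hi_e, body = st[1:]
            lo = eval_expr(lo_e, env)[0]
            hi = eval_expr(hi_e, env)[1] - 1
            if lo <= hi:                         # body runs at least once on some path
                body_env = dict(env)
                body_env[var] = (lo, hi)
                env = join(env, analyze(body, body_env, sizes, findings))
        elif kind == 'access':                   # ('access', buf, index_expr, tag)
            buf, idx, tag = st[1:]
            lo, hi = eval_expr(idx, env)
            size = sizes[buf]
            if lo < 0 or hi > size - 1:
                findings.append({'tag': tag, 'buf': buf, 'index': (lo, hi), 'size': size})
    return env


def find_overflows(program) -> List[dict]:
    findings: List[dict] = []
    analyze(program, {}, {}, findings)
    return findings


def overflow_tags(program) -> List[str]:
    return [f['tag'] for f in find_overflows(program)]


# Constructed sample program; `n` is an untrusted input with no known bounds.
SAMPLE = [
    ('decl', 'buf', 16),
    ('if', ('n', '<', 16),
        [('for', 'i', 0, 'n', [('access', 'buf', 'i', 'A1')])],   # i in [0, 14]: safe
        [('access', 'buf', 'n', 'A2')]),                            # n >= 16: overflow
    ('assign', 'len', 10),
    ('for', 'j', 0, ('+', 'len', 8), [('access', 'buf', 'j', 'A3')]),  # j in [0, 17]: overflow
    ('assign', 'k', ('-', 'len', 1)),
    ('access', 'buf', 'k', 'A4'),                                   # k = 9: safe
]

if __name__ == '__main__':
    for f in find_overflows(SAMPLE):
        print("possible overflow at %(tag)s: %(buf)s[%(index)s], size %(size)d" % f)
```

The guard `n < 16` is the control dependency that makes `A1` safe: the loop bound is the symbolic value of `n`, which the then-branch has narrowed to at most 15, so the index stays below the buffer size. The same guard is what convicts `A2`, since the else path knows `n` is at least 16. The interval abstraction is deliberately coarser than the symbolic values described in the abstract and will over-approximate (and so report false positives) for code whose bound depends on relations between two variables that a single interval per variable cannot express.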

Speaker's biography

Lian Li is a postdoc at Sunlabs, Oracle. He is a member of the Parfait team, working on bug checking via static program analysis. His research interests focus on programming language analysis and implementation, including static/dynamic analysis for bug detection, compiler optimizations and parallel computing.

Before joining Sunlabs, Lian worked at UNSW as a research officer, having completed his PhD at UNSW in 2007.