91 research outputs found
Locating Vulnerabilities in Binaries via Memory Layout Recovering
Locating vulnerabilities is an important task for security auditing, exploit writing, and code hardening. However, it is challenging to locate vulnerabilities in binary code, because most program semantics (e.g., the boundaries of an array) are missing after compilation. Without program semantics, it is difficult to determine whether a memory access exceeds its valid boundaries in binary code. In this work, we propose an approach to locate vulnerabilities based on memory layout recovery. First, we collect a set of passed executions and one failed execution. Then, for passed and failed executions, we restore their program semantics by recovering fine-grained memory layouts based on the memory addressing model. With the memory layouts recovered in passed executions as reference, we can locate vulnerabilities in the failed execution by memory layout identification and comparison. Our experiments show that the proposed approach is effective at locating vulnerabilities in 24 out of 25 of DARPA’s CGC programs (96%), and can effectively classify 453 program crashes (in 5 Linux programs) into 19 groups based on their root causes.
The ground state energy of a spinor field in the background of a finite radius flux tube
We develop a formalism for the calculation of the ground state energy of a
spinor field in the background of a cylindrically symmetric magnetic field. The
energy is expressed in terms of the Jost function of the associated scattering
problem. Uniform asymptotic expansions needed are obtained from the
Lippmann-Schwinger equation. The general results derived are applied to the
background of a finite radius flux tube with a homogeneous magnetic field
inside and the ground state energy is calculated numerically as a function of
the radius and the flux. It turns out to be negative, remaining smaller by a
factor of than the classical energy of the background except for very
small values of the radius which are outside the range of applicability of QED. Comment: 25 pages, 3 figures
Vacuum energy in the presence of a magnetic string with delta function profile
We present a calculation of the ground state energy of massive spinor fields
and massive scalar fields in the background of an inhomogeneous magnetic string
with potential given by a delta function. The zeta functional regularization is
used and the lowest heat kernel coefficients are calculated. The rest of the
analytical calculation adopts the Jost function formalism. In the numerical
part of the work the renormalized vacuum energy as a function of the radius
of the string is calculated and plotted for various values of the strength of
the potential. The sign of the energy is found to change with the radius. For
both scalar and spinor fields the renormalized energy shows no logarithmic
behaviour in the limit , as was expected from the vanishing of the heat
kernel coefficient , which is not zero for other types of profiles. Comment: 30 pages, 10 figures
Validation of Memory Accesses Through Symbolic Analyses
The C programming language does not prevent out-of-bounds memory accesses. There exist several techniques to secure C programs; however, these methods tend to slow down these programs substantially, because they populate the binary code with runtime checks. To deal with this problem, we have designed and tested two static analyses - symbolic region and range analysis - which we combine to remove the majority of these guards. In addition to the analyses themselves, we bring two other contributions. First, we describe live range splitting strategies that improve the efficiency and the precision of our analyses. Secondly, we show how to deal with integer overflows, a phenomenon that can compromise the correctness of static algorithms that validate memory accesses. We validate our claims by incorporating our findings into AddressSanitizer. We generate SPEC CINT 2006 code that is 17% faster and 9% more energy efficient than the code produced originally by this tool. Furthermore, our approach is 50% more effective than Pentagons, a state-of-the-art analysis to sanitize memory accesses.
Effect of multiaxial deformation on structure, mechanical properties, and corrosion resistance of a Mg-Ca alloy
This article provides a report on the effect of multiaxial deformation (MAD) on the structure, texture, mechanical characteristics, and corrosion resistance of the Mg-0.8 (wt.)% Ca alloy. MAD was carried out on the alloy in the as-cast and the annealed states in multiple passes, with a stepwise decrease in the deformation temperature from 450 to 250 °C in 50 °C steps. The cumulative true strain at the end of the process was 22.
The effect of equal-channel angular pressing on microstructure, mechanical properties, and biodegradation behavior of magnesium alloyed with silver and gadolinium
The effect of equal channel angular pressing (ECAP) on the microstructure, texture, mechanical properties, and corrosion resistance of the alloys Mg-6.0%Ag and Mg-10.0%Gd was studied. It was shown that ECAP leads to grain refinement of the alloys down to the average grain size of 2–3 μm and 1–2 μm, respectively. In addition, in both alloys the precipitation of fine particles of phases MgAg and MgGd with sizes of ~500–600 and ~400–500 nm and a volume fraction of ~9% and ~8.6%, respectively, was observed. In the case of the alloy Mg-6.0%Ag, despite a significant grain refinement, a drop in the strength characteristics and a nearly twofold increase in ductility (up to ~30%) were found. This behavior is associated with the formation of a sharp inclined basal texture. For alloy Mg-10.0%Gd, both ductility and strength were enhanced, which can be associated with the combined effect of significant grain refinement and an increased probability of prismatic and basal glide. ECAP was also shown to cause a substantial rise of the biodegradation rate of both alloys and an increase in pitting corrosion. The latter effect is attributed to an increase in the dislocation density induced by ECAP and the occurrence of micro-galvanic corrosion at the matrix/particle interfaces.
Bremsstrahlung in the gravitational field of a cosmic string
In the framework of QED we investigate the bremsstrahlung process for an
electron passing by a straight static cosmic string. This process is precluded
in empty Minkowski space-time by energy and momentum conservation laws. It
happens in the presence of the cosmic string as a consequence of the conical
structure of space, in spite of the flatness of the metric. The cross section
and emitted electromagnetic energy are computed and analytic expressions are
found for different energies of the incoming electron. The energy interval is
divided in three parts depending on whether the energy is just above electron
rest mass , much larger than , or exceeds , with the
string mass per unit length in Planck units. We compare our results with those
of scalar QED and classical electrodynamics and also with conic pair production
process computed earlier. Comment: 21 pages, to appear in Phys. Rev. D., KONS-RGKU-94-0