NPDHunter: Efficient Null Pointer Dereference Vulnerability Detection in Binary
Null pointer dereference (NPD) is a widespread vulnerability that occurs whenever an executing program attempts to dereference a null pointer. An NPD can be exploited by an attacker to crash a process and cause a denial of service or, under specific conditions, to execute arbitrary code. It is a typical taint-style vulnerability: detecting it requires an accurate data dependency analysis that traces whether a source (a value that may be null) propagates to a sensitive sink (a dereference) without proper sanitization (a null check). The primary challenge in such data dependency analysis is pointer aliasing, which can significantly affect detection accuracy. Although there have been many studies and open-source tools, they still have limitations when analyzing real-world binaries. In this paper, we propose a static binary analysis approach for detecting NPD vulnerabilities. To improve detection accuracy and practicality, we first identify two challenges that affect the accuracy of binary NPD detection: (i) pointer aliasing, and (ii) untrusted source identification. We then implement a prototype of the proposed approach, NPDHunter, and evaluate it against the 318 test cases provided by Juliet Test Suite v1.3. On the Juliet dataset, NPDHunter detects the NPDs with a 0% false-negative rate, compared with false-negative rates of 70.89% for bap-toolkit and 89.81% for cwe_checker. We also evaluate NPDHunter on real-world binaries with recently reported NPD vulnerabilities, compiled for the x86_64 architecture: the XNU kernel (large-scale), Redis, Bitlbee, libredwg, and libvncserver. NPDHunter detects all of the NPD cases, which supports its usefulness on real-world binaries.
Main Authors: | Wenhui Jin (ORCID 0000-0002-4647-6261), Sami Ullah (ORCID 0000-0002-5332-2914), Dongmin Yoo, Heekuck Oh (ORCID 0000-0002-2989-8737) |
---|---|
Affiliations: | Department of Computer Science and Engineering, Hanyang University, Ansan, South Korea (all authors; Dongmin Yoo: Major in Bio Artificial Intelligence) |
Format: | Article |
Language: | English |
Published: | IEEE, 2021-01-01 |
Series: | IEEE Access, vol. 9, pp. 90153-90169, ISSN 2169-3536 |
DOI: | 10.1109/ACCESS.2021.3091209 |
Subjects: | Null pointer dereference; binary analysis; vulnerability detection; static analysis; data dependency |
Online Access: | https://ieeexplore.ieee.org/document/9461802/ |
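The source-to-sink data dependency tracing and the two challenges the abstract names (pointer aliasing, untrusted source identification), as an added worked example that is not part of the paper and is not NPDHunter's code: a toy straight-line taint-style NPD checker over a constructed three-address IR. The IR, the instruction names, the `DEFAULT_SOURCES` list and the three test programs are this example's own assumptions. It shows why an analyzer that loses the data dependency across a pointer copy produces both a false negative (dereference through the alias) and a false positive (null check on the alias), and why the set of callees treated as may-return-NULL sources decides whether a dereference is flagged at all.

```python
"""Toy taint-style NPD checker (added example; not NPDHunter's implementation).

IR used here (constructed for the example, not any real tool's IR):
  ("call", dst, callee)   dst = callee(...)  tainted iff callee is a known may-return-NULL source
  ("copy", dst, src)      dst = src          creates a pointer alias
  ("check", var)          if (var == NULL) return;   on fall-through var is sanitized
  ("deref", var)          *var               the sensitive sink
"""

# Callees assumed to possibly return NULL. A real tool derives this from
# libc/kernel API knowledge; an incomplete list is challenge (ii) in the abstract.
DEFAULT_SOURCES = frozenset({"malloc", "getenv", "strchr"})


def analyze(program, sources=DEFAULT_SOURCES, track_aliases=True):
    """Return [(insn_index, var)] for each dereference of a possibly-NULL pointer
    that no earlier NULL check sanitized.

    Forward, straight-line, intra-procedural. Every variable is bound to an
    abstract value id; `may_null` holds the ids that may still be NULL.
    With track_aliases, a copy binds dst to src's value id, so a check or a
    dereference through either name refers to the same value. Without it, a
    copy yields a fresh untainted id, modelling an analyzer that loses the
    dependency across the copy (e.g. a stack slot it does not model).
    """
    value_of = {}      # variable name -> abstract value id
    may_null = set()   # value ids that may be NULL and are not yet checked
    next_id = 0
    findings = []

    def fresh():
        nonlocal next_id
        next_id += 1
        return next_id

    for i, insn in enumerate(program):
        op = insn[0]
        if op == "call":
            _, dst, callee = insn
            v = fresh()
            value_of[dst] = v
            if callee in sources:       # source: only known may-NULL callees taint
                may_null.add(v)
        elif op == "copy":
            _, dst, src = insn
            if track_aliases:
                value_of[dst] = value_of.setdefault(src, fresh())
            else:
                value_of[dst] = fresh()  # dependency lost: alias is untracked
        elif op == "check":
            _, var = insn
            may_null.discard(value_of.get(var))   # sanitizer on the fall-through path
        elif op == "deref":
            _, var = insn
            if value_of.get(var) in may_null:    # sink reached by unsanitized source
                findings.append((i, var))
        else:
            raise ValueError(f"unknown op {op!r}")
    return findings


# Constructed test programs; the C-level intent is shown in the comments.
ALIAS_DEREF = [                 # p = malloc(n); q = p; *q = 0;
    ("call", "p", "malloc"),
    ("copy", "q", "p"),
    ("deref", "q"),
]
ALIAS_CHECK = [                 # p = malloc(n); q = p; if (!q) return; *p = 0;
    ("call", "p", "malloc"),
    ("copy", "q", "p"),
    ("check", "q"),
    ("deref", "p"),
]
STRCHR_SINK = [                 # s = strchr(buf, '='); *s = 0;
    ("call", "s", "strchr"),
    ("deref", "s"),
]


def demo():
    """Run the three programs with and without alias tracking / a complete source list."""
    return {
        "alias_deref/aware": analyze(ALIAS_DEREF),                       # true positive
        "alias_deref/naive": analyze(ALIAS_DEREF, track_aliases=False),  # false negative
        "alias_check/aware": analyze(ALIAS_CHECK),                       # correctly silent
        "alias_check/naive": analyze(ALIAS_CHECK, track_aliases=False),  # false positive
        "strchr/known":      analyze(STRCHR_SINK),                       # flagged
        "strchr/unknown":    analyze(STRCHR_SINK, sources={"malloc"}),   # missed source
    }


if __name__ == "__main__":
    for name, hits in demo().items():
        print(f"{name:20s} {hits}")
```

The two naive results are exactly the accuracy loss the abstract attributes to aliasing: the same missing alias fact hides a real dereference in one program and produces a spurious report in the other. The `strchr/unknown` case shows the second challenge in isolation: with a perfect alias analysis, a dereference is still invisible if the callee that produced the pointer is not recognized as a source.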