Precisely detecting buffer overflow vulnerabilities

被引：0

作者：

Wang, Lei ^{[1
]}

Li, Ji ^{[1
]}

Li, Bo-Yang ^{[1
]}

机构：

[1] Computer School, Beihang University, Beijing 100083, China

来源：

Tien Tzu Hsueh Pao/Acta Electronica Sinica | 2008年 / 36卷 / 11期

关键词：

Static analysis - Buffer storage;

D O I：

暂无

中图分类号：

学科分类号：

摘要：

Buffer overflow (BO) vulnerability is one of the most crucial threats to the security of software system, and a method using model checking was proposed to precisely detect potential BO vulnerabilities in source code. This method converts detecting BO vulnerabilities to verifying the reachability of certain position in programs by static analysis. Then model checking was used to do the verification job. Based on GCC and Blast, a prototype system to precisely detect BO vulnerabilities was developed for this method. At last, wu-ftpd, minicom and CoreHTTP was checked by the prototype system, which not only detected those known BO vulnerabilities but also some unknown BO vulnerabilities.

引用

页码：2200 / 2204

共 50 条

[11] Buffer overflow vulnerabilities in CUDA: a preliminary analysis
Miele, Andrea
JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES, 2016, 12 (02) : 113 - 120
[12] Automatic Exploit Generation for Buffer Overflow Vulnerabilities
Xu, Luhang
Jia, Weixi
Dong, Wei
Li, Yongjun
2018 IEEE 18TH INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY COMPANION (QRS-C), 2018, : 463 - 468
[13] Detecting Buffer-Overflow Vulnerabilities in Smart Grid Devices via Automatic Static Analysis
Ying, Huan
Zhang, Yanmiao
Han, Lifang
Cheng, Yushi
Li, Jiyuan
Ji, Xiaoyu
Xu, Wenyuan
PROCEEDINGS OF 2019 IEEE 3RD INFORMATION TECHNOLOGY, NETWORKING, ELECTRONIC AND AUTOMATION CONTROL CONFERENCE (ITNEC 2019), 2019, : 813 - 817
[14] PointGuard™:: Protecting pointers from buffer overflow vulnerabilities
Cowan, C
Beattie, S
Johansen, J
Wagle, P
USENIX ASSOCIATION PROCEEDINGS OF THE 12TH USENIX SECURITY SYMPOSIUM, 2003, : 91 - 104
[15] BovInspector: Automatic Inspection and Repair of Buffer Overflow Vulnerabilities
Gao, Fengjuan
Wang, Linzhang
Li, Xuandong
2016 31ST IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING (ASE), 2016, : 786 - 791
[16] Automated exploit generation for stack buffer overflow vulnerabilities
V. A. Padaryan
V. V. Kaushan
A. N. Fedotov
Programming and Computer Software, 2015, 41 : 373 - 380
[17] Automated exploit generation for stack buffer overflow vulnerabilities
Padaryan, V. A.
Kaushan, V. V.
Fedotov, A. N.
PROGRAMMING AND COMPUTER SOFTWARE, 2015, 41 (06) : 373 - 380
[18] Light-Weight Rule-Based Test Case Generation for Detecting Buffer Overflow Vulnerabilities
Padmanabhuni, Bindu Madhavi
Tan, Hee Beng Kuan
10TH INTERNATIONAL WORKSHOP ON AUTOMATION OF SOFTWARE TEST AST 2015, 2015, : 48 - 52
[19] Exploiting Buffer Overflow Vulnerabilities in Software Defined Radios
Hitefield, S. D.
Fowler, M.
Clancy, T. Charles
IEEE 2018 INTERNATIONAL CONGRESS ON CYBERMATICS / 2018 IEEE CONFERENCES ON INTERNET OF THINGS, GREEN COMPUTING AND COMMUNICATIONS, CYBER, PHYSICAL AND SOCIAL COMPUTING, SMART DATA, BLOCKCHAIN, COMPUTER AND INFORMATION TECHNOLOGY, 2018, : 1921 - 1927
[20] HackSim: An automation of penetration testing for remote buffer overflow vulnerabilities
Kwon, OH
Lee, SM
Lee, H
Kim, J
Kim, SC
Nam, GW
Park, JG
INFORMATION NETWORKING: CONVERGENCE IN BROADBAND AND MOBILE NETWORKING, 2005, 3391 : 652 - 661

← 1 2 3 4 5 →