Precisely detecting buffer overflow vulnerabilities

被引:0
|
作者
Wang, Lei [1 ]
Li, Ji [1 ]
Li, Bo-Yang [1 ]
机构
[1] Computer School, Beihang University, Beijing 100083, China
来源
Tien Tzu Hsueh Pao/Acta Electronica Sinica | 2008年 / 36卷 / 11期
关键词
Static analysis - Buffer storage;
D O I
暂无
中图分类号
学科分类号
摘要
Buffer overflow (BO) vulnerability is one of the most crucial threats to the security of software system, and a method using model checking was proposed to precisely detect potential BO vulnerabilities in source code. This method converts detecting BO vulnerabilities to verifying the reachability of certain position in programs by static analysis. Then model checking was used to do the verification job. Based on GCC and Blast, a prototype system to precisely detect BO vulnerabilities was developed for this method. At last, wu-ftpd, minicom and CoreHTTP was checked by the prototype system, which not only detected those known BO vulnerabilities but also some unknown BO vulnerabilities.
引用
收藏
页码:2200 / 2204
相关论文
共 50 条
  • [21] Assisting in Auditing of Buffer Overflow Vulnerabilities via Machine Learning
    Meng, Qingkun
    Feng, Chao
    Zhang, Bin
    Tang, Chaojing
    MATHEMATICAL PROBLEMS IN ENGINEERING, 2017, 2017
  • [22] Buttercup: On network-based detection of polymorphic buffer overflow vulnerabilities
    Pasupulati, A
    Coit, J
    Levitt, K
    Wu, SF
    Li, SH
    Kuo, JC
    Fan, KP
    NOMS 2004: IEEE/IFIP NETWORK OPERATIONS AND MANAGMENT SYMPOSIUM: MANAGING NEXT GENERATION CONVERGENCE NETWORKS AND SERVICES, 2004, : 235 - 248
  • [23] SafeStack: Automatically Patching Stack-Based Buffer Overflow Vulnerabilities
    Chen, Gang
    Jin, Hai
    Zou, Deqing
    Zhou, Bing Bing
    Liang, Zhenkai
    Zheng, Weide
    Shi, Xuanhua
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2013, 10 (06) : 368 - 379
  • [24] Rule-Based Source Level Patching of Buffer Overflow Vulnerabilities
    Shahriar, Hossain
    Haddad, Hisham M.
    PROCEEDINGS OF THE 2013 10TH INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY: NEW GENERATIONS, 2013, : 627 - 632
  • [25] An Empirical Study on Detecting and Fixing Buffer Overflow Bugs
    Ye, Tao
    Zhang, Lingming
    Wang, Linzhang
    Li, Xuandong
    2016 9TH IEEE INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION (ICST), 2016, : 91 - 101
  • [26] Communication-Traffic-Assisted Mining and Exploitation of Buffer Overflow Vulnerabilities in ADASs
    Li, Yufeng
    Liu, Mengxiao
    Cao, Chenhong
    Li, Jiangtao
    FUTURE INTERNET, 2023, 15 (05):
  • [27] A comparative analysis of Buffer Overflow vulnerabilities in High-End IoT devices
    Calatayud, Blas Molina
    Meany, Liam
    2022 IEEE 12TH ANNUAL COMPUTING AND COMMUNICATION WORKSHOP AND CONFERENCE (CCWC), 2022, : 694 - 701
  • [28] Auditing buffer overflow vulnerabilities using hybrid static-dynamic analysis
    Padmanabhuni, Bindu Madhavi
    Tan, Hee Beng Kuan
    IET SOFTWARE, 2016, 10 (02) : 54 - 61
  • [29] Characterizing Buffer Overflow Vulnerabilities in Large C/C plus plus Projects
    Pereira, Jose D'Abruzzo
    Ivaki, Naghmeh
    Vieira, Marco
    IEEE ACCESS, 2021, 9 : 142879 - 142892
  • [30] Auditing Buffer Overflow Vulnerabilities using Hybrid Static-Dynamic Analysis
    Padmanabhuni, Bindu Madhavi
    Tan, Hee Beng Kuan
    2014 IEEE 38TH ANNUAL INTERNATIONAL COMPUTERS, SOFTWARE AND APPLICATIONS CONFERENCE (COMPSAC), 2014, : 394 - 399
12345