Precisely detecting buffer overflow vulnerabilities

Cited by: 0
Authors
Wang, Lei [1 ]
Li, Ji [1 ]
Li, Bo-Yang [1 ]
Affiliation
[1] Computer School, Beihang University, Beijing 100083, China
Source
Keywords
Static analysis - Buffer storage;
DOI
Not available
Chinese Library Classification number
Subject classification number
Abstract
Buffer overflow (BO) vulnerabilities are among the most crucial threats to the security of software systems. A method using model checking was proposed to precisely detect potential BO vulnerabilities in source code. The method uses static analysis to convert the detection of BO vulnerabilities into verifying the reachability of certain positions in a program, and model checking then performs the verification. Based on GCC and Blast, a prototype system implementing this method was developed to precisely detect BO vulnerabilities. Finally, wu-ftpd, minicom and CoreHTTP were checked with the prototype system, which detected not only the known BO vulnerabilities but also some unknown BO vulnerabilities.
Pages: 2200 / 2204
Related papers
50 in total
  • [31] A Security Design for the Detecting of Buffer Overflow Attacks in IoT Device
    Xu, Bin
    Wang, Weike
    Hao, Qiang
    Zhang, Zhun
    Du, Pei
    Xia, Tongsheng
    Li, Hongge
    Wang, Xiang
    IEEE ACCESS, 2018, 6 : 72862 - 72869
  • [32] Software Vulnerabilities by Example: A Fresh Look at the Buffer Overflow Problem-Bypassing SafeSEH
    Kimball, William B.
    Perugini, Saverio
    JOURNAL OF INFORMATION ASSURANCE AND SECURITY, 2012, 7 (01) : 1 - 13
  • [33] Research of buffer overflow vulnerabilities detection based on novel K-means clustering
    Cao, Laicheng
    Su, Xiangqian
    Wu, Youxiao
    Journal of Computational Information Systems, 2015, 11 (04) : 1453 - 1461
  • [34] Detecting buffer overflow via automatic test input data generation
    Del Grosso, C.
    Antoniol, G.
    Merlo, E.
    Galinier, P.
    COMPUTERS & OPERATIONS RESEARCH, 2008, 35 (10) : 3125 - 3143
  • [35] BUFFER OVERFLOW
    Spruth, W. G.
    COMPUTER, 2012, 45 (08) : 7 - 7
  • [36] Enforcement of architectural safety guards to deter malicious code attacks through buffer overflow vulnerabilities
    Choi, L
    Shin, Y
    ORGANIC AND PERVASIVE COMPUTING - ARCS 2004, 2004, 2981 : 47 - 60
  • [37] A methodology for the automated identification of buffer overflow vulnerabilities in executable software without source-code
    Duraes, J
    Madeira, H
    DEPENDABLE COMPUTING, PROCEEDINGS, 2005, 3747 : 20 - 34
  • [38] Predicting Buffer Overflow Vulnerabilities through Mining Light-Weight Static Code Attributes
    Padmanabhuni, Bindu Madhavi
    Tan, Hee Beng Kuan
    2014 IEEE INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING WORKSHOPS (ISSREW), 2014 : 317 - 322
  • [39] A Study of Overflow Vulnerabilities on GPUs
    Di, Bang
    Sun, Jianhua
    Chen, Hao
    NETWORK AND PARALLEL COMPUTING, 2016, 9966 : 103 - 115
  • [40] A novel approach for analyzing buffer overflow vulnerabilities in binary executables by using machine learning techniques
    Durmus, Gursoy
    Sogukpinar, Ibrahim
    JOURNAL OF THE FACULTY OF ENGINEERING AND ARCHITECTURE OF GAZI UNIVERSITY, 2019, 34 (04) : 1695 - 1704