Precisely detecting buffer overflow vulnerabilities

被引:0
|
作者
Wang, Lei [1 ]
Li, Ji [1 ]
Li, Bo-Yang [1 ]
机构
[1] Computer School, Beihang University, Beijing 100083, China
来源
Tien Tzu Hsueh Pao/Acta Electronica Sinica | 2008年 / 36卷 / 11期
关键词
Static analysis - Buffer storage;
D O I
暂无
中图分类号
学科分类号
摘要
Buffer overflow (BO) vulnerability is one of the most crucial threats to the security of software system, and a method using model checking was proposed to precisely detect potential BO vulnerabilities in source code. This method converts detecting BO vulnerabilities to verifying the reachability of certain position in programs by static analysis. Then model checking was used to do the verification job. Based on GCC and Blast, a prototype system to precisely detect BO vulnerabilities was developed for this method. At last, wu-ftpd, minicom and CoreHTTP was checked by the prototype system, which not only detected those known BO vulnerabilities but also some unknown BO vulnerabilities.
引用
收藏
页码:2200 / 2204
相关论文
共 50 条
  • [41] The random forests model of detecting network-based buffer overflow attacks
    Zhai, J. Q.
    Zhou, Y. Y.
    INFORMATION SCIENCE AND ELECTRONIC ENGINEERING, 2017, : 411 - 414
  • [42] Detecting Integer Overflow Vulnerabilities in Binary Executables Based on Target Filtering and Dynamic Taint Tracing
    CUI Baojiang
    LIANG Xiaobing
    ZHAO Bing
    ZHAI Feng
    WANG Jianxin
    ChineseJournalofElectronics, 2014, 23 (02) : 348 - 352
  • [43] Detecting Integer Overflow Vulnerabilities in Binary Executables Based on Target Filtering and Dynamic Taint Tracing
    Cui Baojiang
    Liang Xiaobing
    Zhao Bing
    Zhai Feng
    Wang Jianxin
    CHINESE JOURNAL OF ELECTRONICS, 2014, 23 (02) : 348 - 352
  • [44] Detecting integer overflow vulnerabilities in binary executables based on Target filtering and dynamic taint tracing
    1600, Chinese Institute of Electronics (23):
  • [45] Taxonomy of C Overflow Vulnerabilities Attack
    Ahmad, Nurul Haszeli
    Aljunid, Syed Ahmad
    Ab Manan, Jamalul-lail
    SOFTWARE ENGINEERING AND COMPUTER SYSTEMS, PT 2, 2011, 180 : 376 - +
  • [46] Smart fuzzing method for detecting stack-based buffer overflow in binary codes
    Mouzarani, Maryam
    Sadeghiyan, Babak
    Zolfaghari, Mohammad
    IET SOFTWARE, 2016, 10 (04) : 96 - 107
  • [47] A Smart Fuzzing Method for Detecting Heap-Based Buffer Overflow in Executable Codes
    Mouzarani, Maryam
    Sadeghiyan, Babak
    Zolfaghari, Mohammad
    2015 IEEE 21ST PACIFIC RIM INTERNATIONAL SYMPOSIUM ON DEPENDABLE COMPUTING (PRDC), 2015, : 42 - 49
  • [48] Method of integer overflow detection to avoid buffer overflow
    School of Computer Science and Engineering, Southeast University, Nanjing 211189, China
    不详
    J. Southeast Univ. Engl. Ed., 2009, 2 (219-223):
  • [49] A Taxonomy of Buffer Overflow Characteristics
    Bishop, Matt
    Engle, Sophie
    Howard, Damien
    Whalen, Sean
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2012, 9 (03) : 305 - 317
  • [50] The Cost of Preventing a Buffer Overflow
    Gordonov, Anatoliy S.
    2014 ZONE 1 CONFERENCE OF THE AMERICAN SOCIETY FOR ENGINEERING EDUCATION (ASEE ZONE 1), 2014,
12345