Precisely detecting buffer overflow vulnerabilities

被引：0

作者：

Wang, Lei ^{[1
]}

Li, Ji ^{[1
]}

Li, Bo-Yang ^{[1
]}

机构：

[1] Computer School, Beihang University, Beijing 100083, China

来源：

Tien Tzu Hsueh Pao/Acta Electronica Sinica | 2008年 / 36卷 / 11期

关键词：

Static analysis - Buffer storage;

D O I：

暂无

中图分类号：

学科分类号：

摘要：

Buffer overflow (BO) vulnerability is one of the most crucial threats to the security of software system, and a method using model checking was proposed to precisely detect potential BO vulnerabilities in source code. This method converts detecting BO vulnerabilities to verifying the reachability of certain position in programs by static analysis. Then model checking was used to do the verification job. Based on GCC and Blast, a prototype system to precisely detect BO vulnerabilities was developed for this method. At last, wu-ftpd, minicom and CoreHTTP was checked by the prototype system, which not only detected those known BO vulnerabilities but also some unknown BO vulnerabilities.

引用

页码：2200 / 2204

共 50 条

[1] Method for precisely detecting buffer overflow vulnerabilities in C programs
School of Computer Science and Technology, Beijing University of Aeronautics and Astronautics, Beijing 100083, China
Beijing Hangkong Hangtian Daxue Xuebao, 2008, 3 (319-322): : 319 - 322
[2] A Combinatorial Approach to Detecting Buffer Overflow Vulnerabilities
Wang, Wenhua
Lei, Yu
Liu, Donggang
Kung, David
Csallner, Christoph
Zhang, Dazhi
Kacker, Raghu
Kuhn, Rick
2011 IEEE/IFIP 41ST INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS (DSN), 2011, : 269 - 278
[3] Statically detecting likely buffer overflow vulnerabilities
Larochelle, D
Evans, D
USENIX ASSOCIATION PROCEEDINGS OF THE 10TH USENIX SECURITY SYMPOSIUM, 2001, : 177 - 189
[4] Static analysis method for detecting buffer overflow vulnerabilities
Puchkov, FM
Shapchenko, KA
PROGRAMMING AND COMPUTER SOFTWARE, 2005, 31 (04) : 179 - 189
[5] Static Analysis Method for Detecting Buffer Overflow Vulnerabilities
F. M. Puchkov
K. A. Shapchenko
Programming and Computer Software, 2005, 31 : 179 - 189
[6] Buffer overflow and format string overflow vulnerabilities
Lhee, KS
Chapin, SJ
SOFTWARE-PRACTICE & EXPERIENCE, 2003, 33 (05): : 423 - 460
[7] ELAID: detecting integer-Overflow-to-Buffer-Overflow vulnerabilities by light-weight and accurate static analysis
Xu, Lili
Xu, Mingjie
Li, Feng
Huo, Wei
CYBERSECURITY, 2020, 3 (01)
[8] ELAID: detecting integer-Overflow-to-Buffer-Overflow vulnerabilities by light-weight and accurate static analysis
Lili Xu
Mingjie Xu
Feng Li
Wei Huo
Cybersecurity, 3
[9] Defending against Buffer-Overflow Vulnerabilities
Padmanabhuni, Bindu Madhavi
Tan, Hee Beng Kuan
COMPUTER, 2011, 44 (11) : 53 - 60
[10] ASSESSING TEST SUITES FOR BUFFER OVERFLOW VULNERABILITIES
Shahriar, Hossain
Zulkernine, Mohammad
INTERNATIONAL JOURNAL OF SOFTWARE ENGINEERING AND KNOWLEDGE ENGINEERING, 2010, 20 (01) : 73 - 101

← 1 2 3 4 5 →