Buffer Overflow Detection via Static Analysis: Expectations vs. Reality
نویسندگان
چکیده
منابع مشابه
Precise Buffer Overflow Detection via Model Checking
Buffer overflows are the source of a vast majority of vulnerabilities in today’s software. Existing solution for detecting buffer overflow, either statically or dynamically, have serious drawbacks that hinder their wider adoption by practitioners. In this paper we present an automated overflow detection technique based on model checking and iterative refinement. We discuss advantages, and limit...
متن کاملRICB: Integer Overflow Vulnerability Dynamic Analysis via Buffer Overflow
Integer overflow vulnerability will cause buffer overflow. The research on the relationship between them will help us to detect integer overflow vulnerability. We present a dynamic analysis methods RICB (Runtime Integer Checking via Buffer overflow). Our approach includes decompile execute file to assembly language; debug the execute file step into and step out; locate the overflow points and c...
متن کاملDynamic Buffer Overflow Detection
The capabilities of seven dynamic buffer overflow detection tools (Chaperon, Valgrind, CCured, CRED, Insure++, ProPolice and TinyCC) are evaluated in this paper. These tools employ different approaches to runtime buffer overflow detection and range from commercial products to opensource gcc-enhancements. A comprehensive testsuite was developed consisting of specifically-designed test cases and ...
متن کاملAccurate Buffer Overflow Detection via Abstract Payload Execution
Static buffer overflow exploits belong to the most feared and frequently launched attacks on todays Internet. These exploits target vulnerabilities in daemon processes which provide important network services. Ever since the buffer overflow hacking technique has reached a broader audience due to the Morris Internet worm in 1988 and the infamous paper by AlephOne in the phrack magazine, new weak...
متن کاملUsing a Diagnostic Corpus of C Programs to Evaluate Buffer Overflow Detection by Static Analysis Tools*
A corpus of 291 small C-program test cases was developed to evaluate static and dynamic analysis tools designed to detect buffer overflows. The corpus was designed and labeled using a new, comprehensive buffer overflow taxonomy. It provides a benchmark to measure detection, false alarm, and confusion rates of tools, and also suggests areas for tool enhancement. Experiments with five tools demon...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Proceedings of the Institute for System Programming of the RAS
سال: 2018
ISSN: 2079-8156,2220-6426
DOI: 10.15514/ispras-2018-30(3)-2