Advanced Search
Volume 34 Issue 03
Mar.  2008
Turn off MathJax
Article Contents
Journal of Beijing University of Aeronautics and Astronautics  > 2008  >  34(03): 319-322.
Li Ji, Wang Lei. Method for precisely detecting buffer overflow vulnerabilities in C programs[J]. Journal of Beijing University of Aeronautics and Astronautics, 2008, 34(03): 319-322. (in Chinese)
Citation: Li Ji, Wang Lei. Method for precisely detecting buffer overflow vulnerabilities in C programs[J]. Journal of Beijing University of Aeronautics and Astronautics, 2008, 34(03): 319-322. (in Chinese)
shu

Method for precisely detecting buffer overflow vulnerabilities in C programs

  • School of Computer Science and Technology, Beijing University of Aeronautics and Astronautics, Beijing 100083, China

  • Received Date: 29 Jun 2007
  • Publish Date: 31 Mar 2008
    Abstract
  • Buffer overflow (BO) vulnerability in C programs is one of the most crucial threats to the security of a system. Using tools to detect and eliminate this kind of vulnerability in programs will give the system sufficient ability to maintain security environment. For the scarcity of accuracy in detecting BO vulnerabilities, current bug-hunting tools can not precisely detect BO vulnerabilities. A new method was proposed, which uses model checking, to precisely detect potential BO in C programs. This method converts detecting BO vulnerabilities to verifying the reachability of certain position in programs and uses model checking tool to do the verification job. Using this method, a prototype system has been developed and been tested with some benchmarks. The early results show that this method can precisely detect BO vulnerabilities in C programs.

     

    • FullText(HTML)
  • loading
    • References(1)
  • [1] Cowan C, Wagle P, Pu C, et al. Buffer overflows: attacks and defenses for the vulnerability of the decade DARPA Information Survivability Conference and Expo (DISCEX). Hilton Head, SC: IEEE Computer Society Press, 2000:154-163 [2] Necula G C, McPeak S, Weimer W. CCured: typesafe retrofitting of legacy code ACM SIGPLAN-SIGACT Conference on the Principles of Programming Languages (POPL). Portland: ACM Press, 2002:128-139 [3] Shankar U, Talwar K, Foster J S, et al. Detecting format string vulnerabilities with type qualifiers Proc of the 10th USENIX Security Symposium, 2001 [4] Zitser M. Securing software: an evaluation of static source code analyzers . Massachusetts: Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2003 [5] Henzinger T A, Jhala R, Majumdar R, et al. Lazy abstraction Proc of the 29th Annual Symp on Principles of Programming Languages (POPL) . New York:ACM, 2002:58-70 [6] Beyer D, Henzinger T A, Jhala R, et al. Checking memory safety with blast Proc of the FASE 2005. LNCS 3442.Heidelberg: Springer-Verlag, 2005,3442:2-18
    • Relative Articles
    • Supplements(0)
    • Cited By
  • 加载中

Catalog

    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索
    Get Citation
    PDF
    XML

    Article Metrics

    Article views(2462) PDF downloads(2303) Cited by()
    Proportional views
    Related

    Copyright © Journal of Beijing University of Aeronautics and Astronautics

    Address: Editorial Department of Journal of Beijing University of Aeronautics and Astronautics, 37 Xueyuan Road, Haidian District, Beijing Post Code: 100191 Email: jbuaa@buaa.edu.cn

    Supported by: Beijing Renhe Information Technology Co., Ltd.  

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return