Jingbo Yuan,Shunli Ding

DOI: https://doi.org/10.1109/iccsn.2011.6013572

2011-01-01

Abstract:Buffer overflow vulnerabilities are currently the most prevalent security vulnerability. The paper presents a method that combines static analysis with dynamic test to deal with the problem on buffer overflow vulnerabilities detecting. By using the method we can identify potential weakness locations. A buffer overflow vulnerabilities testing system was developed. The experiment results tested and verified that the new methodology is feasibility and availability.

XIA Chao,QIU Wei-dong

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.22.065

2008-01-01

Abstract:This paper proposes a method to detect buffer-overflow vulnerabilities for executables.Combining dynamic analysis and static analysis, it makes further detection of buffer-overflow vulnerabilities.Static methods mainly deal with the internal semantic relationship of assembly instructions and the properties of a function's stack frame for executables.Dynamic emulation provides a virtual run-time environment,which enables the program to combine its static properties while virtually executed,and then it can get the function's semantic results on buffer manipulation,and determine whether there is a buffer-overflow vulnerability.

xiaoyu wang,qiaoyan wen,zhao zhang

DOI: https://doi.org/10.2991/lemcs-14.2014.70

2014-01-01

Abstract:Buffer overflow has become the most common software vulnerability, which seriously restricts the development of the software industry. It's very essential t o find out an effective method to detect this kind of software bugs accurately. In this paper, we design an improved buffer overflow detection system. At first, our system preprocesses the source code to add some auxiliary detection symbols. Then, it scans the source code by a static detector, which uses the identifier for auxiliary detection and combines with a dynamic detection method to improve the recognition accuracy and detection capability. Finally, we make a comparison between our system and the original detection system. To assess the usefulness of this approach, several experiments are performed on a simulation system, and we can draw a conclusion that our system performs better than other detection software. The method proposed in this paper is of the important application value and can improve detection accuracy.

Huan Ying,Yanmiao Zhang,Lifang Han,Yushi Cheng,Jiyuan Li,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ITNEC.2019.8729362

2019-01-01

Abstract:As a modern power transmission network, smart grid connects plenty of terminal devices. However, along with the growth of devices are the security threats. Different from the previous separated environment, an adversary nowadays can destroy the power system by attacking these devices. Therefore, it’s critical to ensure the security and safety of terminal devices. To achieve this goal, detecting the pre-existing vulnerabilities of the device program and enhance the terminal security, are of great importance and necessity. In this paper, we propose a novel approach that detects existing buffer-overflow vulnerabilities of terminal devices via automatic static analysis (ASA). We utilize the static analysis to extract the device program information and build corresponding program models. By further matching the generated program model with pre-defined vulnerability patterns, we achieve vulnerability detection and error reporting. The evaluation results demonstrate that our method can effectively detect buffer-overflow vulnerabilities of smart terminals with a high accuracy and a low false positive rate.

Bo Wu,Yufeng Ma,Qian Zhang,Fengchen Qian

DOI: https://doi.org/10.23977/meet.2019.93720

2019-01-01

Abstract:Buffer overflows in C and C++ programs are among the most common and serious classes of software vulnerabilities for two decades. To mitigate and to eradicate this security threat, many detection approaches based on static and dynamic analysis techniques have been proposed. This paper aims to provide an alternative and multipath solution to existing symbolic execution approaches by catching the red-zones in memory, rather than the strict memory object bounds, which are absolute vulnerable to buffer overflows. From the observations of buffer overflow attacks that are commonly overwrite a special position to exploit the vulnerabilities, in this paper, we propose a multipath dynamic buffer overflow detecting approach (symbolic-execution-based), relying on catching the red-zones in the stack and heap memory. We examine every memory store operation both in concrete addresses and symbolic pointers, whose writing size should never overlap or cross a red-zone position. We implement a practical dynamic checking tool called MACBin based on S2E platform. We apply it to test several real world software, the results show that MACBin is useful and effective at detecting buffer overflow vulnerabilities.

Minglei SHANG,Hao HUANG

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.12.014

2005-01-01

Abstract:The principle of buffer overflow and overflow string are analyzed.Then several typical real-time buffer overflow attacks detectionmethods are analyzed.At last, a real-time buffer overflow attack detection approach based on system calls is presented.This approach adds mandatoryaccess control to original system call function by the means of hijacking system calls.In the way of monitoring illegal system calls,it can detect andprevent various buffer overflow attacks of improving priviledge.

Rui Ma,Yiming Yan,Long Wang,Changzhen Hu,Jingfeng Xue

2016-01-01

Abstract:Buffer overflow vulnerability is currently one of the most serious software security vulnerabilities. Taking effective methods to detect buffer overflow vulnerabilities is of great significance to improve the robustness and security of software. After analyzing the principle of buffer overflow and various buffer overflow vulnerabilities, as well as comparing static with dynamic detection techniques, this paper presents a static detection method for buffer overflow based on abstract syntax tree, especially for vulnerabilities caused by string accessing of C source code. The proposed method first generates an abstract syntax tree for the source code by using the GCC compiler, and collects the characteristics of vulnerability by analyzing AST nodes. For the nodes associated with the buffer overflow, the method further gives a formal description of that characteristic so as to generate security attributed and constraint rules. By traversing the abstract syntax tree, the proposed method finally determines whether buffer overflow vulnerability exists in the source code. Experiments with 12 C programs were carried out on the Windows platform, and each program has been discovered at least one typical buffer overflow vulnerability. The experimental results highlight the feasibility and effectiveness of the proposed method, especially in the detecting out of range for a pointer, an array, and a structure object, as well as the buffer overflow vulnerability caused by some C library function calls.

Luhang Xu,Weixi Jia,Wei Dong,Yongjun Li

DOI: https://doi.org/10.1109/qrs-c.2018.00085

2018-01-01

Abstract:Buffer overflow vulnerabilities are widely found in software. Finding these vulnerabilities and identifying whether these vulnerabilities can be exploit is very important. However, it is not easy to find all of the buffer overflow vulnerabilities in software programs, and it is more difficult to find and exploit these vulnerabilities in binary programs. This paper proposes a method and a corresponding tool that automatically finds buffer overflow vulnerabilities in binary programs, and then automatically generate exploit for the vulnerability. The tool uses symbolic execution to search the target software and find potential buffer overflow vulnerabilities, then try to bypass system protection by choosing different exploiting method according to the different level of protections. Finally, the exploit of software vulnerability is generated using constraint solver. The method and tool can automatically find vulnerabilities and generate exploits for three kinds of protection: without system protection, with address space layout randomization protection, and with stack non-executable protection.

SHI Sheng-li,REN Ping-an

DOI: https://doi.org/10.3969/j.issn.1000-3428.2011.10.037

2011-01-01

Abstract:According to the features that the attacker usual depends on modifying function return address or function entry address to change the program execution sequence and the structural characteristics of ELF file,while calling function and returning after function calling,certain specific information is dealed with in order to detect attack action.This paper presents a new approach of detecting buffer overflow attacks at runtime depending on the pin that is a tool for the dynamic program monitoring and provides numbers of API functions to design a tool which executives runtime program.Case analysis shows that the method does not need alter the software and hardware system.

Si-Hao SHAO,Qing GAO,Sen MA,Fu-Yao DUAN,Xiao MA,Shi-Kun ZHANG,Jin-Hua HU

DOI: https://doi.org/10.13328/j.cnki.jos.005504

2018-01-01

Abstract:First,in this paper,the breadth and risk of buffer overflow vulnerabilities are introduced.Then,from the aspect of how to exploit a buffer overflow vulnerability,an overview is provided on the definition of buffer overflow vulnerabilities,memory organization in operation systems,and classification of buffer overflow attacks.Based on the research,buffer overflow analysis technologies are classified into three categories:automatic detection,automatic repair,and run-time protection.Each types of technologies are introduced,analyzed and discussed according to the classification.Finally,three possible research directions in the field of buffer overflow vulnerability analysis are discussed:(1) analyzing binary code;(2) using machine learning algorithms;(3) combining multiple technologies for analysis.

Tao Ye,Lingming Zhang,Linzhang Wang,Xuandong Li

DOI: https://doi.org/10.1109/ICST.2016.21

2016-01-01

Abstract:Buffer overflow is one of the most common types of software security vulnerabilities. Although researchers have proposed various static and dynamic techniques for buffer overflow detection, buffer overflow attacks against both legacy and newly-deployed software systems are still quite prevalent. Compared with dynamic detection techniques, static techniques are more systematic and scalable. However, there are few studies on the effectiveness of state-of-the-art static buffer overflow detection techniques. In this paper, we perform an in-depth quantitative and qualitative study on static buffer overflow detection. More specifically, we obtain both the buggy and fixed versions of 100 buffer overflow bugs from 63 real-world projects totalling 28 MLoC (Millions of Lines of Code) based on the reports in Common Vulnerabilities and Exposures (CVE). Then, quantitatively, we apply Fortify, Checkmarx, and Splint to all the buggy versions to investigate their false negatives, and also apply them to all the fixed versions to investigate their false positives. We also qualitatively investigate the causes for the false-negatives and false-positives of studied techniques to guide the design and implementation of more advanced buffer overflow detection techniques. Finally, we also categorized the patterns of manual buffer overflow repair actions to guide automated repair techniques for buffer overflow. The experiment data is available at http://bo-study.github.io/Buffer-Overflow-Cases/.

JiaYu Li,Ye Yao,Yian Zhu,Mutitaba,Yongkai Zhang,Hang Li

DOI: https://doi.org/10.1109/icnisc60562.2023.00011

2023-01-01

Abstract:The paper presented and implemented a C-Scanner source code vulnerability detection tool, which can solve the buffer overflow problem. The main idea was to rewrite the source code of a C or C++, so that the resulting code contained the safe version of the old vulnerable functions, which may contain a buffer overflow security problem. If rewriting was not possible, due to some reasons, a warning was issued along with a hint to solve the problem if it was possible. C-Scanner in this paper took the C or C++ source code as input, and then it did a parsing process. Every time it encountered a vulnerable function call, it classified this function call. If this function call was belonging to a category of its interest, then it would rewrite this vulnerable function by a safe version, which prevented the buffer overflow vulnerability.

XU Qi-jie,XUE Zhi

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.16.049

2007-01-01

Abstract:Buffer overflow attack is one of the most threatening attack types and it jeopardizes information security a lot.According to the principle of the attack,this paper generalizes three necessary steps of a buffer overflow attack.It divides the most popular technologies of buffer overflow attack detection into three types in light of detecting the three attack steps,and also analyzes and studies those technologies.

Wenbing XIE,Xiaodong MA,Zhongsheng LI,Xiamu NIU

DOI: https://doi.org/10.3778/j.issn.1002-8331.1407-0160

2016-01-01

Abstract:Due to the lack of boundary checking mechanism, buffer overflow is one of the most serious attacks against C/C++programs. This paper presents a runtime countermeasure for buffer overflow attack. Through duplicating the control flow information with array which declared in the dynamic link libraries, including the return address and the frame pointer of each function, illegal overwriting can be detected dynamically. This method can both detect direct and indirect attack in the buffer overflow attack. Experiments based on the RIPE testbed and two practical tests as well as theoretical analysis show the effectiveness of this method.

Lei Wang,Ping Wang

DOI: https://doi.org/10.12720/IJOEE.1.3.127-131

2013-01-01

Abstract:Buffer overflow has been one of the most outstanding attacks in the last ten years. This kind of vulnerability may compromise the system security by various means. Existing solutions to this problem have focused on the execution environment of the malicious program rather than the hypostasis of buffer overflow and most of them try to detect buffer overflows dynamically. This paper presents the effort of applying a static analysis approach against the programs exploiting buffer overflow and the method adopted is named Proof-Carrying Code (PCC). This paper shows that: (1) it is possible to defend against most of the buffer overflow vulnerabilities with proper use of PCC; and (2) the method is well prepared to handle the coming-up variants of the buffer overflow problems. 

Computer Science

Ming YIN,Gongxuan ZHANG

DOI: https://doi.org/10.3969/j.issn.1671-7775.2016.04.013

2016-01-01

Abstract:According to the causes of buffer overflows,a novel detection method was proposed based on source code analysis.The sources were pre-processed and analyzed statically to construct relevant abstract syntax tree,control flow graph,function call graph and variable table in sequence.A finite automata based on the developed detection model was created to detect overflows.The C/C ++program with common buffer overflows was used to demonstrate the proposed method.The extensive experimental results show that compared to existing methods,the proposed detection model can detect all buffer overflow vulnerabilities efficiently.The dangerous function calls and the overflow filtering mechanism in the code can be recognized to reduce false positive rate.The proposed method can also be easily extended to detect the buffer overflows in the codes of other language source.

XIA Jian-jun,SUN Le-chang,LIU Jing-ju,ZHANG Min,CAI Ming

DOI: https://doi.org/10.3969/j.issn.1001-3695.2011.09.095

2011-01-01

Abstract:Buffer overflow(BOF) is always one of the most dangerous vulnerabilities to computer security.This paper proposed multi-dimentional Fuzzing of buffer overflow(MFBOF),which was based on multi-dimentional Fuzzing technology,combined the structure knowledge of target's input,static binary code analysis and dynamic I/O analysis technique,generated test cases using adaptive simulated annealing genetic algorithm.The results of testing Libpng validate that MFBOF is effective.At last,this paper gave its further improvement directions.

XU Chao,HE Yan-xiang,HU Ming-hao,WU Wei,CHEN Yong,LIU Jian-bo

DOI: https://doi.org/10.3969/j.issn.1001-3695.2012.02.057

2012-01-01

Abstract:To enhance the buffer overflow detection for programs,this paper put forward a testing method based the analysis for C programs using CCured and BLAST.Firstly,the method used CCured to insert runtime detections into C program,and then described the constraints of the detections with the customized security-attribute language provided by BLAST.At last,according to the descriptions,BLAST could do model checking on the programs to find out the potential buffer overflow vulnerabilities in the programs as far as possible.

ZHANG Jun-xian,LI Zhou-jun

DOI: https://doi.org/10.13190/j.jbupt.2016.s.012

2016-01-01

Abstract:Buffer overflow is a source of many security problems in C programs. A new tool named Path-Checker to detect buffer overflows in C codes using dynamic symbolic execution method is proposed. PathChecker uses quantifier-free predicate formulas to describe the safety properties of buffer access oper-ations and check these properties using a SMT solver. Experimental results show the effectiveness of this tool which is very easy to extend to check other safety properties.

WANG Ye-jun,NI Xi-zhen,WEN Wei-ping,JIANG Jian-chun

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.10.033

2005-01-01

Abstract:The buffer overflow attacks have been the most common form in the network attacks and become a predominant problem in the system and network security area. After the principle of the buffer overflow attack is explained, this paper analyzes the causes leading to the attacks. Then the usual attack types the attackers often exploit are presented. Last, the common measures to defend these attacks and my own idea about the solution of this problem by modifying the compiler and the relevant functions of the system are given.