Huan Ying,Yanmiao Zhang,Lifang Han,Yushi Cheng,Jiyuan Li,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ITNEC.2019.8729362

2019-01-01

Abstract:As a modern power transmission network, smart grid connects plenty of terminal devices. However, along with the growth of devices are the security threats. Different from the previous separated environment, an adversary nowadays can destroy the power system by attacking these devices. Therefore, it’s critical to ensure the security and safety of terminal devices. To achieve this goal, detecting the pre-existing vulnerabilities of the device program and enhance the terminal security, are of great importance and necessity. In this paper, we propose a novel approach that detects existing buffer-overflow vulnerabilities of terminal devices via automatic static analysis (ASA). We utilize the static analysis to extract the device program information and build corresponding program models. By further matching the generated program model with pre-defined vulnerability patterns, we achieve vulnerability detection and error reporting. The evaluation results demonstrate that our method can effectively detect buffer-overflow vulnerabilities of smart terminals with a high accuracy and a low false positive rate.

Si-Hao SHAO,Qing GAO,Sen MA,Fu-Yao DUAN,Xiao MA,Shi-Kun ZHANG,Jin-Hua HU

DOI: https://doi.org/10.13328/j.cnki.jos.005504

2018-01-01

Abstract:First,in this paper,the breadth and risk of buffer overflow vulnerabilities are introduced.Then,from the aspect of how to exploit a buffer overflow vulnerability,an overview is provided on the definition of buffer overflow vulnerabilities,memory organization in operation systems,and classification of buffer overflow attacks.Based on the research,buffer overflow analysis technologies are classified into three categories:automatic detection,automatic repair,and run-time protection.Each types of technologies are introduced,analyzed and discussed according to the classification.Finally,three possible research directions in the field of buffer overflow vulnerability analysis are discussed:(1) analyzing binary code;(2) using machine learning algorithms;(3) combining multiple technologies for analysis.

Tao Ye,Lingming Zhang,Linzhang Wang,Xuandong Li

DOI: https://doi.org/10.1109/ICST.2016.21

2016-01-01

Abstract:Buffer overflow is one of the most common types of software security vulnerabilities. Although researchers have proposed various static and dynamic techniques for buffer overflow detection, buffer overflow attacks against both legacy and newly-deployed software systems are still quite prevalent. Compared with dynamic detection techniques, static techniques are more systematic and scalable. However, there are few studies on the effectiveness of state-of-the-art static buffer overflow detection techniques. In this paper, we perform an in-depth quantitative and qualitative study on static buffer overflow detection. More specifically, we obtain both the buggy and fixed versions of 100 buffer overflow bugs from 63 real-world projects totalling 28 MLoC (Millions of Lines of Code) based on the reports in Common Vulnerabilities and Exposures (CVE). Then, quantitatively, we apply Fortify, Checkmarx, and Splint to all the buggy versions to investigate their false negatives, and also apply them to all the fixed versions to investigate their false positives. We also qualitatively investigate the causes for the false-negatives and false-positives of studied techniques to guide the design and implementation of more advanced buffer overflow detection techniques. Finally, we also categorized the patterns of manual buffer overflow repair actions to guide automated repair techniques for buffer overflow. The experiment data is available at http://bo-study.github.io/Buffer-Overflow-Cases/.

Ying Liu,Dongqin Feng

DOI: https://doi.org/10.1109/iccasit48058.2019.8973161

2019-01-01

Abstract:Computer network technology has been increasingly infiltrated into the industrial control system and made the security problems more complex and changeable. Network security situation awareness technology can perceive the real-time threats that the network faced, and provide reliable basis for decision-making. This paper mainly focuses on the situation assessment and introduces finite state machine and fuzzy logic theory. Finite state machine can intuitively show the internal state transition of the industrial control system and detect the malicious packet attack's type and severity. Fuzzy logic balances the semantic fuzziness and event uncertainty in the process of situation assessment, fuses the output data of the state machine and obtains the threat level which is helpful for decision analysis. Proved, the method proposed in this paper can give a reasonable and accurate security assessment of industrial control system.

XIA Jian-jun,SUN Le-chang,LIU Jing-ju,ZHANG Min,CAI Ming

DOI: https://doi.org/10.3969/j.issn.1001-3695.2011.09.095

2011-01-01

Abstract:Buffer overflow(BOF) is always one of the most dangerous vulnerabilities to computer security.This paper proposed multi-dimentional Fuzzing of buffer overflow(MFBOF),which was based on multi-dimentional Fuzzing technology,combined the structure knowledge of target's input,static binary code analysis and dynamic I/O analysis technique,generated test cases using adaptive simulated annealing genetic algorithm.The results of testing Libpng validate that MFBOF is effective.At last,this paper gave its further improvement directions.

Minglei SHANG,Hao HUANG

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.12.014

2005-01-01

Abstract:The principle of buffer overflow and overflow string are analyzed.Then several typical real-time buffer overflow attacks detectionmethods are analyzed.At last, a real-time buffer overflow attack detection approach based on system calls is presented.This approach adds mandatoryaccess control to original system call function by the means of hijacking system calls.In the way of monitoring illegal system calls,it can detect andprevent various buffer overflow attacks of improving priviledge.

GUO Lin,YAN Fen,CAI Wei-Jun,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1002-137X.2006.12.018

2006-01-01

Computer Science

Abstract:The remote buffer overflow vulnerability is the most serious security vulnerability in network security domain. How to enhance the defense abilty to remote buffer overflow attack becomes an important research subject. In this paper, the authors put forward a model of defense remote buffer overflow attack based on slice technology. The constructing idea and the structure of the model are given, and the realization technology and method of each module cell are described. In the last of this paper, the authors validate the validity of the model via experimentation. In the same time, give an impersonal analysis and remark to the influence of model performance caused by each factor.

Lanlan Qi,Jiangtao Wen,Yu Chen,Qixue Xiao

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2014.09.020

2014-01-01

Abstract:Different software vulnerabilities have different characteristics.220 integer overflow vulnerabilities are analyzed to develop three kinds of detection strategies to reduce the false positives from static analyses.Static analyses identify the type of integer overflow while dynamic analyses accurately identify the integer overflow vulnerability.This method combines the advantages of the two analyses to detect vulnerabilities.The static analysis is used to detect the integer overflow and obtain the integer overflow type and related information.This information is then used by the dynamic analysis to insert hooks into the code using the automatic pile technique.Then,the algorithm calls the integer overflow marker interface and performs symbolic execution with the reconstruction expressions.This method is used to analyze the Lighttpd-1.4.29 and Linux kernel 3.4 systems.This method can greatly reduce the number of false positives.The number of false positives for Lighttpd-1.4.29 is reduced by 374,accounting for 67.3％ of the total.The number of false positives for Linux kernel 3.4 is reduced by 159 761,accounting for 98.2％ of the total.This system also successfully finds the CVE-2011-4362 and CVE-2013-1763 integer overflow vulnerabilities.

WANG Ye-jun,NI Xi-zhen,WEN Wei-ping,JIANG Jian-chun

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.10.033

2005-01-01

Abstract:The buffer overflow attacks have been the most common form in the network attacks and become a predominant problem in the system and network security area. After the principle of the buffer overflow attack is explained, this paper analyzes the causes leading to the attacks. Then the usual attack types the attackers often exploit are presented. Last, the common measures to defend these attacks and my own idea about the solution of this problem by modifying the compiler and the relevant functions of the system are given.

Wei Jiang

2002-01-01

Abstract:Buffer overflow attacking is a seriously problem in network security. The paper analyses deeply the principle and possible of buffer overflow attacking. At last propose the method to defense buffer overflow attacking in writing programmer.

Fengjuan Gao,Linzhang Wang,Xuandong Li

DOI: https://doi.org/10.1145/2970276.2970282

2016-01-01

Abstract:Buffer overflow is one of the most common types of software vulnerabilities. Various static analysis and dynamic testing techniques have been proposed to detect buffer overflow vulnerabilities. With automatic tool support, static buffer overflow detection technique has been widely used in academia and industry. However, it tends to report too many false positives fundamentally due to the lack of software execution information. Currently, static warnings can only be validated by manual inspection, which significantly limits the practicality of the static analysis. In this paper, we present BovInspector, a tool framework for automatic static buffer overflow warnings inspection and validated bugs repair. Given the program source code and static buffer overflow vulnerability warnings, BovInspector first performs warning reachability analysis. Then, BovInspector executes the source code symbolically under the guidance of reachable warnings. Each reachable warning is validated and classified by checking whether all the path conditions and the buffer overflow constraints can be satisfied simultaneously. For each validated true warning, BovInspector fix it with three predefined strategies. BovInspector is complementary to prior static buffer overflow discovery schemes. Experimental results on real open source programs show that BovInspector can automatically inspect on average of 74.9% of total warnings, and false warnings account for about 25% to 100% (on average of 59.9%) of the total inspected warnings. In addition, the automatically generated patches fix all target vulnerabilities. Further information regarding the implementation and experimental results of BovInspector is available at http://bovinspectortool.github.io/project/. And a short video for demonstrating the capabilities of BovInspector is now available at https://youtu.be/IMdcksROJDg.

Wang Chunlei,Zhao Gang,Dai Yiqi

DOI: https://doi.org/10.1109/ICCSIT.2009.5234950

2009-01-01

Abstract:This paper proposes a control flow based security analysis approach for binary executables. Through deeply investigating the theory of control flow security, we develop the Control Flow Security Model (CFSM) which includes the formal definitions for program semantics and security properties for control flow. CFSM specifies that program execution dynamically follows only certain paths, in accordance with a statically declared security properties specified as Control Flow Constraint Specification (CFCS). We have proposed an efficient control flow security analysis algorithm for verifying that a particular control flow model satisfies the associated security properties. Our work contributes to bridging the gap between abstract specifications of control flow security properties and actual control flow security analysis for binary executables. The effectiveness and the practical usefulness of the approach are exemplified by an illustrative analysis of heap overflow vulnerability.

WANG Chun-lei,LIU Qiang,ZHAO Gang,DAI Yi-qi

DOI: https://doi.org/10.3969/j.issn.1002-137X.2010.04.031

2010-01-01

Computer Science

Abstract:In order to analyze vulnerabilities in executable programs,a vulnerability analysis framework for binaries based upon model checking was proposed.Firstly,the abstract model of binary was defined,and the formal models of vulnerabilities based upon finite state automaton and the representations of software security attributes based upon event system were described.Then,the model checking based vulnerability analysis process and algorithm were proposed with respect to the abstract models of binaries and the security attributes to be checked.After that,the prototype of vulnerability analysis tool was designed and implemented based upon the framework.The illustrative sample program was analyzed to show in detail the principles of the framework,and the experimental results show the effectiveness of the analysis method.

Feng-Juan Gao,Yu Wang,Lin-Zhang Wang,Zijiang Yang,Xuan-Dong Li

DOI: https://doi.org/10.1007/s11390-020-0525-z

IF: 1.871

2020-01-01

Journal of Computer Science and Technology

Abstract:Static buffer overflow detection techniques tend to report too many false positives fundamentally due to the lack of software execution information. It is very time consuming to manually inspect all the static warnings. In this paper, we propose BovInspector, a framework for automatically validating static buffer overflow warnings and providing suggestions for automatic repair of true buffer overflow warnings for C programs. Given the program source code and the static buffer overflow warnings, BovInspector first performs warning reachability analysis. Then, BovInspector executes the source code symbolically under the guidance of reachable warnings. Each reachable warning is validated and classified by checking whether all the path conditions and the buffer overflow constraints can be satisfied simultaneously. For each validated true warning, BovInspector provides suggestions to automatically repair it with 11 repair strategies. BovInspector is complementary to prior static buffer overflow discovery schemes. Experimental results on real open source programs show that BovInspector can automatically validate on average 60% of total warnings reported by static tools.

SUN Hao,ZENG Qing-Kai

DOI: https://doi.org/10.13328/j.cnki.jos.004793

2015-01-01

Journal of Software

Abstract:In C/C++ language, limited rages represented by integer types and castings between different signs or widths cause integer-based weakness, including integer overflow, integer underflow, signedness error and truncation error. Attackers usually exploit them indirectly to commit damaging acts such as arbitrary code execution and denial of service. This paper presents a survey on integer-based vulnerabilities. A novel security model is proposed in view of behaviors resulting from the weakness occurrence, and the sufficient conditions in determining integer-based vulnerabilities are also presented. A thorough comparison among detecting methods is further conducted in consideration of covering sufficient conditions. Through an empirical study on real-world integer bug cases, the characteristics and distributions are discussed. Finally, the challenges and research directions of integer-based vulnerabilities are explored.

Lv Xinghang,Peng Tao,Chen Jia,Liu Junping,Hu Xinrong,He Ruhan,Jiang Minghua,Cao Wenli

DOI: https://doi.org/10.1007/s10489-022-04214-8

IF: 5.3

2022-01-01

Applied Intelligence

Abstract:Automatically detecting buffer overflow vulnerabilities is an important research topic in software security. Recent studies have shown that vulnerability detection performance utilizing deep learning-based techniques can be significantly enhanced. However, due to information loss during code representation, existing approaches cannot learn the features associated with vulnerabilities, leading to a high false negative rate (FNR) and low precision. To resolve the existing problems, we propose a method for buffer overflow vulnerability detection based on graph feature extraction (BovdGFE) in C/C++ programs. BovdGFE constructs the buffer overflow function samples. Then, we present a new representation structure, code representation sequence (CoRS), which incorporates the control flow, data dependencies, and syntax structure of the vulnerable code for reducing information loss during code representation. After the function samples are transformed into CoRS, a deep learning model is used to learn vulnerable features and perform vulnerability classification. The results of the experiments show that BovdGFE improves the precision and FNR by 6.3 % and 3.9 % respectively compared with state-of-the-art methods, which can significantly improve the capability of vulnerability detection.

Tieyun BAO,Fengjuan GAO,Yan ZHOU,You LI,Linzhang WANG,Xuandong LI

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.02.005

2016-01-01

Abstract:Buffer overflow vulnerability is a kind of serious security defect. Currently there are dynamic and static ap-proaches to detect buffer overflow. The effectiveness of Dynamic tools depends on design of test case, and they often in-troduce execution overhead. Static program analysis techniques have been widely used in buffer overflow detection, which often report a large number of false warnings. Manual validating the results of static analysis is time consuming and er-ror-prone, which severely limits the usefulness of static analysis tools. Symbolic execution is a promising software testing and analysis technology, which systematically explore execution space of test program and generates test cases with high coverage. In this paper we propose a novel approach for automatic buffer overflow warnings validating based on symbolic execution.Our approach is consist of three steps:firstly detect the reachability of statements in static analysis path segment in inter procedural control flow graph and map the static path segment sets to complete path sets which are used to be val-idated;secondly guide the symbolic execution so that we only focus on the execution paths that cover the buffer overflow warnings generated by static program analysis through pruning useless path; finally construct warning path constraints according to buffer overflow vulnerability models at suspicios statements and classify results depend on the output of con-straint solver. Based on the proposed technique we implemented a prototype tool BOVTool and our experimental results on real open source programs show that the percentage of false warnings which do not need to be manually validated is 59.9%on average.

Zhangqi Zheng,Bing Zhang,Yongshan Liu,Jiadong Ren,Xuyang Zhao,Qian Wang

DOI: https://doi.org/10.1016/j.cose.2021.102572

2022-03-01

Abstract:Overflow vulnerability is a common and dangerous software vulnerability that can lead to information theft, resource control, system collapse and other hazards. However, recent studies on predicting software overflow vulnerability have failed to specifically analyze factors and features that can lead to each type of overflow vulnerability and have only focused on binary classification problems rather than multiclassification problems, which are inefficient and time-consuming. Therefore, this paper proposes a multiple-type overflow vulnerability prediction method based on a combination of features and a time series neural network algorithm. First, by analyzing software overflow vulnerability features, a method is proposed to extract the internal vulnerability features of program source code. Then, an IFS set of internal vulnerability features of software overflow vulnerability is constructed. Second, an EFS set of external vulnerability features of software overflow vulnerability is extracted using a source code static analysis tool. A software overflow vulnerability feature library is constructed based on the IFS set and the EFS set. Finally, a multiple-type overflow vulnerability prediction method is constructed based on a time series bidirectional recurrent neural network after the symbol transformation and vector transformation of software overflow vulnerability features. Experiments show that the proposed method offers a higher precision, accuracy, recall rate, and F1 value. Moreover, this method can accurately detect the overflow vulnerability in actual software vulnerability predictions.

computer science, information systems

Jia Chen,Chunlu Wang,Yibo Xue

2009-01-01

Abstract:With the popularity of computer systems, system security has been paid more and more attention. Software vulnerabilities are design flaws in computer systems, which result in the majority of malicious attacks. So how to quickly analyze and excavate the software vulnerability is of the big challenge of the information security technology. Software reverse engineering is briefly introduced firstly. Then a method of software vulnerability analysis based on a fuzzyinput testing is proposed. Finally, the method using buffer overflow vulnerability analysis as examples is described in detail, and the validity of vulnerability analysis is prove using a fuzzyinput testing method.

PAN Yi,WU Chun-Mei,WU Gang-Shan

DOI: https://doi.org/10.3969/j.issn.1002-137x.2005.03.041

2005-01-01

Computer Science

Abstract:Enhancing compiler technology is one of the publicly available methods for buffer overflow prevention. This paper compares four typical and publicly available tools for buffer overflow prevention by enhancing compiler technology. Our motivation for this is to guide software developers to choose an appropriate tool to increase software quality from a security point of view, and also guide the researchers to bring forward their own more effective and safer method on buffer overflow prevention.