Testing static analysis tools using exploitable buffer overflows from open source code

Misha Zitser, Richard Lippmann, Tim Leek
2004. Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering - SIGSOFT '04/FSE-12 (ACM Press)
Five modern static analysis tools (ARCHER, BOON, Poly-Space C Verifier, Splint, and UNO) were evaluated using source code examples containing 14 exploitable buffer overflow vulnerabilities found in various  ...  On patched programs these two tools produce one warning for every 12 to 46 lines of source code and neither tool accurately distinguished between vulnerable and patched code.  ...  for all their help on answering questions about C-Verifier.  ... 
doi:10.1145/1029894.1029911, dblp:conf/sigsoft/ZitserLL04, fatcat:l3vplvffhzhcffckjjbgj2gidi
Fulltext PDF (Web Archive): https://web.archive.org/web/20170706111401/http://www.ida.liu.se/~TDDC90/literature/papers/zitser04testing.pdf

Testing static analysis tools using exploitable buffer overflows from open source code

Misha Zitser, Richard Lippmann, Tim Leek
2004-11-01. Software engineering notes (Association for Computing Machinery (ACM))
Five modern static analysis tools (ARCHER, BOON, Poly-Space C Verifier, Splint, and UNO) were evaluated using source code examples containing 14 exploitable buffer overflow vulnerabilities found in various  ...  On patched programs these two tools produce one warning for every 12 to 46 lines of source code and neither tool accurately distinguished between vulnerable and patched code.  ...  for all their help on answering questions about C-Verifier.  ... 
doi:10.1145/1041685.1029911, fatcat:3mfrinqgnfd5dfvshsstlpepki
Fulltext PDF (Web Archive): https://web.archive.org/web/20170706111401/http://www.ida.liu.se/~TDDC90/literature/papers/zitser04testing.pdf

Compiler for Detection of Program Vulnerabilities

Abhishek Nayyar, Umang Saxena, Arun Kumar
2014-10-18. International Journal of Computer Applications (Foundation of Computer Science)
Compiler in this publication uses the symbol table generation mechanism for syntactically, semantically segregation of executable code and canary guard mechanism for the protection of cases of buffer overflow  ...  Program Vulnerabilities may be unwarranted for any organization and may lead to severe system failure.  ...  Amit Kumar, Assistant Professor NIT Jalandhar for their support.  ... 
doi:10.5120/18206-9343, fatcat:ppxv4dkf2vczjjjc6opsnnculu
Fulltext PDF (Web Archive): https://web.archive.org/web/20180604010700/https://research.ijcaonline.org/volume104/number6/pxc3899343.pdf

Automatic Prevention of Buffer Overflow Vulnerability Using Candidate Code Generation

Young-Su JANG, Jin-Young CHOI
2018-12-01. IEICE transactions on information and systems (Institute of Electronics, Information and Communications Engineers (IEICE))
Our research was aimed at developing a technique capable of generating substitution code for the detection of buffer overflow vulnerability in C/C++ programs.  ...  Our approach is particularly useful for enhancing software security monitoring, and for designing retrofitting techniques in applications. key words: information security, buffer overflow vulnerability  ...  We propose a technique that generates substitution code for the detection and correction of buffer overflow vulnerabilities in C/C++ applications.  ... 
doi:10.1587/transinf.2018edp7192, fatcat:2pjbypj5xvfp7hunxgu3tk3yj4
Fulltext PDF (Web Archive): https://web.archive.org/web/20190508083610/https://www.jstage.jst.go.jp/article/transinf/E101.D/12/E101.D_2018EDP7192/_pdf

Detecting Violations of Security Requirements for Vulnerability Discovery in Source Code

Hongzhe LI, Jaesang OH, Heejo LEE
2016. IEICE transactions on information and systems (Institute of Electronics, Information and Communications Engineers (IEICE))
Finding software vulnerabilities in source code before the program gets deployed is crucial to ensure the software quality.  ...  Existing source code auditing tools for vulnerability detection generate too many false positives, and only limited types of vulnerability can be detected automatically.  ...  For example, in the test case file named CWE121 Buffer Overflow CWE131 memcpy 01.c, there are one good sink which is not vulnerable and one bad sink which is actually a vulnerability.  ... 
doi:10.1587/transinf.2016edl8035, fatcat:zr3m4ve4rbeqxlcigmx7d7m5b4
Fulltext PDF (Web Archive): https://web.archive.org/web/20181102192213/https://www.jstage.jst.go.jp/article/transinf/E99.D/9/E99.D_2016EDL8035/_pdf

Comparative Assessment of Static Analysis Tools for Software Vulnerability

Peter Miele
2018. Journal of Computers (International Academy Publishing (IAP))
We use the criteria by Nagy and Mancoridis [8] for selecting tools for testing vulnerability. Table 2 shows the criteria. Per the criteria, we chose Flawfinder [1], RATS [5], and ITS4 [2].  ...  Flawfinder examines C/C++  ...  In this work, we use applications written in C language for testing. We chose C programming language due to its high vulnerability nature as C functions have little security mechanism.  ... 
doi:10.17706/jcp.13.10.1136-1144, fatcat:7npm3e5dsfgzjbfxoshznygsse
Fulltext PDF (Web Archive): https://web.archive.org/web/20200210152207/http://www.jcomputers.us/vol13/jcp1310-01.pdf

A buffer overflow benchmark for software model checkers

Kelvin Ku, Thomas E. Hart, Marsha Chechik, David Lie
2007. Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering - ASE '07 (ACM Press)
of buffer overflow detection.  ...  The benchmark consists of 298 code fragments of varying complexity capturing 22 buffer overflow vulnerabilities in 12 open source applications.  ...  [16] is comprised of a set of yet smaller programs, each containing a single call to a standard C library function. Both suites were designed as correctness tests for lightweight static analyses.  ... 
doi:10.1145/1321631.1321691, dblp:conf/kbse/KuHCL07, fatcat:tgnlrg7w3zecxpbbqdjlwfttsm
Fulltext PDF (Web Archive): https://web.archive.org/web/20190214222403/http://www.cs.toronto.edu:80/~chechik/pubs/ase07.pdf

A Buffer Overflow Prediction Approach Based on Software Metrics and Machine Learning

Jiadong Ren, Zhangqi Zheng, Qian Liu, Zhiyao Wei, Huaizhi Yan
2019-03-03. Security and Communication Networks (Hindawi Limited)
The method presented in this paper achieved the effect of accurately predicting software buffer overflow vulnerabilities in C/C++ and Java programs.  ...  Buffer overflow vulnerability is the most common and serious type of vulnerability in software today, as network security issues have become increasingly critical.  ...  Results in C/C++ Programs.  ... 
doi:10.1155/2019/8391425, fatcat:bbvibwawcrbdhao4jwy5wbcvmi
Fulltext PDF (Web Archive): https://web.archive.org/web/20190503050933/http://downloads.hindawi.com/journals/scn/2019/8391425.pdf

Buffer Overflow Vulnerability Detection Based on Unsafe Function Invocation

Xianda Zhao, Shuguang Huang, Zulie Pan, Huang Hui
2020. Journal of Physics, Conference Series (IOP Publishing)
Buffer overflow vulnerabilities are widespread in software programs and pose a serious security threat.  ...  method for vulnerability detection.  ...  It should be noted that the buffer overflow vulnerability detected by our proposed method generally refers to buffer overflow "defect", and it is not tested whether the defect can be exploited.  ... 
doi:10.1088/1742-6596/1549/2/022064, fatcat:c6pkfrgbmrflhlhtxvf5dcn36e
Fulltext PDF (Web Archive): https://web.archive.org/web/20200729044644/https://iopscience.iop.org/article/10.1088/1742-6596/1549/2/022064/pdf

Improving network applications security

Concettina Del Grosso, Giuliano Antoniol, Massimiliano Di Penta, Philippe Galinier, Ettore Merlo
2005. Proceedings of the 2005 conference on Genetic and evolutionary computation - GECCO '05 (ACM Press)
This paper proposes to combine static analysis and program slicing with evolutionary testing, to detect buffer overflow threats.  ...  These functions account for terms such as the statement coverage, the coverage of vulnerable statements, the distance from buffer boundaries and the coverage of unconstrained nodes of the control flow  ...  The code coverage for C programs was measured using the freely available coverage tool gcov, distributed with the GNU C compiler.  ... 
doi:10.1145/1068009.1068185, dblp:conf/gecco/GrossoAPGM05, fatcat:2ntdwhedhrhqrbousk5r7htzd4
Fulltext PDF (Web Archive): https://web.archive.org/web/20170808164148/http://www.ecs.csun.edu/~rlingard/COMP595VAV/DelGrossoPaper.pdf

An automated approach to fix buffer overflows

Aamir Shahab, Muhammad Nadeem, Mamdouh Alenezi, Raja Asif
2020-08-01. International Journal of Electrical and Computer Engineering (IJECE) (Institute of Advanced Engineering and Science)
Various manual and automated techniques for detecting and fixing specific types of buffer overflow vulnerability have been proposed, but the solution to fix Unicode buffer overflow has not been proposed  ...  Buffer overflows are one of the most common software vulnerabilities that occur when more data is inserted into a buffer than it can hold.  ...  BovInspector, an automated tool, fixes buffer overflow vulnerability in C programs. The tool checks the buffer overflow warning path in a program.  ... 
doi:10.11591/ijece.v10i4.pp3777-3787, fatcat:f4x6xjl7hjcjbet5dfobbr6ozm
Fulltext PDF (Web Archive): https://web.archive.org/web/20200309011659/http://ijece.iaescore.com/index.php/IJECE/article/download/21284/pdf

Buffer Overflow Detection via Static Analysis: Expectations vs. Reality
Original title (translated from Russian): Static analysis for buffer overflow detection: current directions in the development of algorithms

I.A. Dudina
2018. Proceedings of the Institute for System Programming of RAS (Institute for System Programming of the Russian Academy of Sciences)
Over the last few decades buffer overflow remains one of the main sources of program errors and vulnerabilities.  ...  Now it can perform interprocedural context-and path-sensitive analysis to detect buffer overflow mainly for static and stack objects with approximately 65% true positive ratio.  ...  For C/C++ code it contains 64,099 test cases tagged by CWE entries.  ... 
doi:10.15514/ispras-2018-30(3)-2, fatcat:nk3gcaxlfvcwfebnq6woqjsrpq
Fulltext PDF (Web Archive): https://web.archive.org/web/20190429100302/http://www.ispras.ru/proceedings/docs/2018/30/3/isp_30_2018_3_21.pdf

An Empirical Study on Detecting and Fixing Buffer Overflow Bugs

Tao Ye, Lingming Zhang, Linzhang Wang, Xuandong Li
2016. 2016 IEEE International Conference on Software Testing, Verification and Validation (ICST) (IEEE)
Buffer overflow is one of the most common types of software security vulnerabilities.  ...  Finally, we also categorized the patterns of manual buffer overflow repair actions to guide automated repair techniques for buffer overflow.  ...  We would like to express our gratitude to CHECKMARX China team for providing an evaluation version of Checkmarx to support our comparison study.  ... 
doi:10.1109/icst.2016.21, dblp:conf/icst/YeZWL16, fatcat:6d7x7n4jh5hddkxoot3ru6sqba
Fulltext PDF (Web Archive): https://web.archive.org/web/20170421124335/http://www.utdallas.edu:80/~lxz144130/publications/icst2016.pdf

Automated Source Code Instrumentation for Verifying Potential Vulnerabilities [chapter]

Hongzhe Li, Jaesang Oh, Hakjoo Oh, Heejo Lee
2016. IFIP Advances in Information and Communication Technology (Springer International Publishing)
The buffer overflow is at line 10 when the program is trying to write "c filesize" number of bytes to 0 space buffer.  ...  To test our tools, we prepared 3,969 files for stack based buffer overflow vulnerabilities, each of which belongs to 4 basic types based on our sink classification in Table 1.  ... 
doi:10.1007/978-3-319-33630-5_15, fatcat:bqo4hcf7fzap7dwrdhefmpzalu
Fulltext PDF (Web Archive): https://web.archive.org/web/20190501021706/https://hal.inria.fr/hal-01369555/document

Buffer Overflow Attack Vulnerability in Stack

P.Vadivel Murugan, Dr.K. Alagarsamy
2011-01-12. International Journal of Computer Applications (Foundation of Computer Science)
The overwritten data may include other buffers, variables and program flow data. A technically inclined and malicious user may exploit stack-based buffer overflows to manipulate the program[9,10].  ...  Most of the vulnerability based on buffer overflows aim at forcing the execution of malicious code, mainly in order to give a root shell to the user.  ...  DETECTING BUFFER OVERFLOWS To test the buffer overflows, you should attempt to enter extra data than is asked for wherever your program accepts input.  ... 
doi:10.5120/1780-2455, fatcat:gv7tivzinndwzmf6wiiqmhhwiu
Fulltext PDF (Web Archive): https://web.archive.org/web/20180601235758/https://www.ijcaonline.org/volume13/number5/pxc3872455.pdf