Testing for buffer overflows with length abstraction

Ru-Gang Xu, Patrice Godefroid, Rupak Majumdar
2008 Proceedings of the 2008 international symposium on Software testing and analysis - ISSTA '08  
Splat was also able to find two previously unknown buffer overflows in a heavily-tested storage system.  ...  The part of the buffer beyond the symbolic prefix is filled with concrete random inputs.  ...  We thank the authors of [24] for their benchmarks. We thank Alex Groce and Rajeev Joshi for feedback on preliminary versions of Splat.  ... 
doi:10.1145/1390630.1390636 dblp:conf/issta/XuGM08 fatcat:nrtgn7asbbctlhbncb5aa2yn6i

Testing static analysis tools using exploitable buffer overflows from open source code

Misha Zitser, Richard Lippmann, Tim Leek
2004 Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering - SIGSOFT '04/FSE-12  
Each code example included a "BAD" case with and a "OK" case without buffer overflows.  ...  Buffer overflows varied and included stack, heap, bss and data buffers; access above and below buffer bounds; access using pointers, indices, and functions; and scope differences between buffer creation  ...  We would also like to thank David Evans for his help with Splint, David Wagner for answering questions about BOON, Yichen Xie and Dawson Engler for their help with ARCHER, and Chris Hote and Vince Hopson  ... 
doi:10.1145/1029894.1029911 dblp:conf/sigsoft/ZitserLL04 fatcat:l3vplvffhzhcffckjjbgj2gidi

Testing static analysis tools using exploitable buffer overflows from open source code

Misha Zitser, Richard Lippmann, Tim Leek
2004 Software engineering notes  
Each code example included a "BAD" case with and a "OK" case without buffer overflows.  ...  Buffer overflows varied and included stack, heap, bss and data buffers; access above and below buffer bounds; access using pointers, indices, and functions; and scope differences between buffer creation  ...  We would also like to thank David Evans for his help with Splint, David Wagner for answering questions about BOON, Yichen Xie and Dawson Engler for their help with ARCHER, and Chris Hote and Vince Hopson  ... 
doi:10.1145/1041685.1029911 fatcat:3mfrinqgnfd5dfvshsstlpepki

Buffer Overflow Vulnerability Detection Based on Unsafe Function Invocation

Xianda Zhao, Shuguang Huang, Zulie Pan, Huang Hui
2020 Journal of Physics, Conference Series  
Buffer overflow vulnerabilities are widespread in software programs and pose a serious security threat.  ...  In order to effectively mitigate buffer vulnerabilities, we proposed a buffer overflow vulnerability detection technique based on unsafe function invocation.  ...  It should be noted that the buffer overflow vulnerability detected by our proposed method generally refers to buffer overflow "defect", and it is not tested whether the defect can be exploited.  ... 
doi:10.1088/1742-6596/1549/2/022064 fatcat:c6pkfrgbmrflhlhtxvf5dcn36e

Filtering false alarms of buffer overflow analysis using SMT solvers

Youil Kim, Jooyong Lee, Hwansoo Han, Kwang-Moo Choe
2010 Information and Software Technology  
Buffer overflow detection using static analysis can provide a powerful tool for software programmers to find difficult bugs in C programs.  ...  Our experiment with the test cases from three open source programs shows that our filtering method can reduce about 68% of false alarms on average.  ...  The statements at line 307 and line 309 are the main targets for our buffer overflow analyzer to test.  ... 
doi:10.1016/j.infsof.2009.10.004 fatcat:ka3v7wgfn5arridxmmtf2luaie

Superion: Grammar-Aware Greybox Fuzzing [article]

Junjie Wang, Bihuan Chen, Lei Wei, Yang Liu
2019 arXiv   pre-print
Particularly, American Fuzzy Lop (AFL for short) is deemed to be a great success in fuzzing relatively simple test inputs.  ...  Given the grammar (which is often publicly available) of test inputs, we introduce a grammar-aware trimming strategy to trim test inputs at the tree level using the abstract syntax trees (ASTs) of parsed  ...  -173819 Assertion Failure Jerryscript CVE-2017-18212 Buffer Overflow N/A CVE-2018-11418 Buffer Overflow N/A CVE-2018-11419 Buffer Overflow N/A Bug-2238 Buffer Overflow N/A ChakraCore  ... 
arXiv:1812.01197v3 fatcat:nf6jzbhccnefnjsspo3oz43lu4

Compiler for Detection of Program Vulnerabilities

Abhishek Nayyar, Umang Saxena, Arun Kumar
2014 International Journal of Computer Applications  
Compiler in this publication uses the symbol table generation mechanism for syntactically, semantically segregation of executable code and canary guard mechanism for the protection of cases of buffer overflow  ...  Major work in this area deals with the simple scenarios for vulnerability detection but our aim is to check for various complicated scenarios and non common possibilities for program attack and designing  ...  Amit Kumar, Assistant Professor NIT Jalandhar for their support.  ... 
doi:10.5120/18206-9343 fatcat:ppxv4dkf2vczjjjc6opsnnculu

Buffer Overflow Detection via Static Analysis: Expectations vs. Reality
Static Analysis for Buffer Overflow Detection: Current Directions in Algorithm Development

I.A. Dudina
2018 Proceedings of the Institute for System Programming of RAS  
Now it can perform interprocedural context-and path-sensitive analysis to detect buffer overflow mainly for static and stack objects with approximately 65% true positive ratio.  ...  Over the last few decades buffer overflow remains one of the main sources of program errors and vulnerabilities.  ...  Some tools chose different numerical abstract domains to implement the analysis of integer index values, buffer sizes, and string lengths.  ... 
doi:10.15514/ispras-2018-30(3)-2 fatcat:nk3gcaxlfvcwfebnq6woqjsrpq

Static Analysis of String Manipulations in Critical Embedded C Programs [chapter]

Xavier Allamigeon, Wenceslas Godard, Charles Hymans
2006 Lecture Notes in Computer Science  
It is based on the theory of abstract interpretation and relies on an abstraction of stores that retains the length of string buffers.  ...  This paper describes a new static analysis to show the absence of memory errors, especially string buffer overflows in C programs.  ...  Further work will explore the semantics and abstractions necessary to deal with C union types with much precision.  ... 
doi:10.1007/11823230_4 fatcat:sajrz3ghbng2liuy6gbhuiym5m

Entropy coded differential pulse-code modulation systems for television

S. Goyal, J. O'Neal
1975 IEEE Transactions on Communications  
This strategy avoids buffer overflow and has the desirable property that it produces low noise in quiet areas of the picture and higher noise in busy areas of the picture.  ...  This encoder converts analog television signals into a digital bit stream for digital transmission or storage.  ...  Barclay for his suggestions and constructive criticism during the course of this work.  ... 
doi:10.1109/tcom.1975.1092860 fatcat:2xqwpohabncyjervvu3llhzby4

Towards security defect prediction with AI [article]

Carson D. Sestili and William S. Snavely and Nathan M. VanHoudnos
2018 arXiv   pre-print
In this study, we investigate the limits of the current state of the art AI system for detecting buffer overflows and compare it with current static analysis tools.  ...  We found that the static analysis engines we examined have good precision, but poor recall on this dataset, except for a sound static analyzer that has good precision and recall.  ...  This implies that the abstract interpretation model that frama-c uses is sufficient to reason about buffer overflows on this subset.  ... 
arXiv:1808.09897v2 fatcat:7w32qpkuqrarzneazt2h3tuwpm

Defeating Buffer Overflow: A Trivial but Dangerous Bug

Paul E. Black, Irena Bojanova
2016 IT Professional Magazine  
Black has nearly 20 years of industrial experience developing software for IC design and verification, assuring software quality, and managing business data processing.  ...  Black earned a Ph.D. from Brigham Young University, and has published in static analysis, software testing, networks and queuing analysis, formal methods, software verification, quantum computing, and  ...  If today is not a good day for your C software to die, there are many techniques that detect the vast majority of buffer overflows.  ... 
doi:10.1109/mitp.2016.117 pmid:28579926 pmcid:PMC5455784 fatcat:xyaycfzoijdrjl7qv5as5svsqa

Automatic Prevention of Buffer Overflow Vulnerability Using Candidate Code Generation

Young-Su JANG, Jin-Young CHOI
2018 IEICE transactions on information and systems  
Our approach is particularly useful for enhancing software security monitoring, and for designing retrofitting techniques in applications. key words: information security, buffer overflow vulnerability  ...  Our research was aimed at developing a technique capable of generating substitution code for the detection of buffer overflow vulnerability in C/C++ programs.  ...  For example, a category such as "Buffer overflow" represents different CWE entries that describe the type of buffer overflow (e.g., CWE-121 Stack-based buffer overflow, CWE-190 Integer overflow, etc).  ... 
doi:10.1587/transinf.2018edp7192 fatcat:2pjbypj5xvfp7hunxgu3tk3yj4

A Scalable Incomplete Test for Message Buffer Overflow in Promela Models [chapter]

Stefan Leue, Richard Mayr, Wei Wei
2004 Lecture Notes in Computer Science  
...  a given system and what buffer lengths are sufficient to avoid them.  ...  Our paper presents an automated test for the occurrence of these buffer overflows in Promela.  ...  We thank all involved students, in particular Quang Minh Bui, for their effort in developing IBOC.  ... 
doi:10.1007/978-3-540-24732-6_16 fatcat:qktx4u4x2rc3xfqq5n5gtu3b4y

Software Security analysis, static and dynamic testing in java and C environment, a comparative study [article]

Manas Gaur
2012 arXiv   pre-print
This algorithm serves to reduce the damage in case of buffer overflow  ...  The main stretch in the paper is buffer overflow anomaly occurring in major source codes, designed in various programming language.  ...  RESULTS Algorithm For Buffer Overflow Bound Checking Related Works Three other studies of defenses against buffer overflow attacks have been made Web Application security -Buffer overflows Are you  ... 
arXiv:1208.3205v1 fatcat:4z4ta3o6cnac7cjscjxhsyr3ha