Statically Detecting Likely Buffer Overflow Vulnerabilities
نویسندگان
چکیده
Buffer overflow attacks may be today’s single most important security threat. This paper presents a new approach to mitigating buffer overflow vulnerabilities by detecting likely vulnerabilities through an analysis of the program source code. Our approach exploits information provided in semantic comments and uses lightweight and efficient static analyses. This paper describes an implementation of our approach that extends the LCLint annotation-assisted static checking tool. Our tool is as fast as a compiler and nearly as easy to use. We present experience using our approach to detect buffer overflow vulnerabilities in two security-sensitive programs.
منابع مشابه
Precise Buffer Overflow Detection via Model Checking
Buffer overflows are the source of a vast majority of vulnerabilities in today’s software. Existing solution for detecting buffer overflow, either statically or dynamically, have serious drawbacks that hinder their wider adoption by practitioners. In this paper we present an automated overflow detection technique based on model checking and iterative refinement. We discuss advantages, and limit...
متن کاملIntegrating Static Analysis Tools for Improving Operating System Security
Static analysis approach is widely used for detecting vulnerabilities within the code before the execution. C/C++ programming languages consist of highest number of vulnerabilities of which buffer overflow is the highest rated. Of all static analysis tools available none has enabled to detect all the vulnerabilities. Hence, we have proposed an integrated approach using two open-source static an...
متن کاملDynamic Buffer Overflow Detection
The capabilities of seven dynamic buffer overflow detection tools (Chaperon, Valgrind, CCured, CRED, Insure++, ProPolice and TinyCC) are evaluated in this paper. These tools employ different approaches to runtime buffer overflow detection and range from commercial products to opensource gcc-enhancements. A comprehensive testsuite was developed consisting of specifically-designed test cases and ...
متن کاملUsing Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs
Incomplete or improper input validation is one of the major sources of security bugs in programs. While traditional approaches often focus on detecting string related buffer overflow vulnerabilities, we present an approach to automatically detect potential integer misuse, such as integer overflows in C programs. Our tool is based on CQual, a static analysis tool using type theory. Our technique...
متن کاملMonitoring Buffer Overflow Attacks: A Perennial Task
Buffer overflow (BOF) is a well-known, and one of the worst and oldest, vulnerabilities in programs. BOF attacks overwrite data buffers and introduce wide ranges of attacks like execution of arbitrary injected code. Many approaches are applied to mitigate buffer overflow vulnerabilities; however, mitigating BOF vulnerabilities is a perennial task as these vulnerabilities elude the mitigation ef...
متن کامل