Model - Checking : Benchmarking and Techniques for Buffer Overflow Analysis by Kelvin Ku A thesis submitted in conformity with the requirements
نویسنده
چکیده
Software Model-Checking: Benchmarking and Techniques for Buffer Overflow Analysis Kelvin Ku Master of Science Graduate Department of Computer Science University of Toronto 2008 Software model-checking based on abstraction-refinement has recently achieved widespread success in verifying critical properties of real-world device drivers. We believe this success can be replicated for the problem of buffer overflow detection. This thesis presents two projects which contribute to this objective. First, it discusses the design and construction of a buffer overflow benchmark for software model-checkers. The benchmark consists of 298 code fragments of varying complexity capturing 22 buffer overflow vulnerabilities in 12 open source applications. We give a preliminary evaluation of the benchmark using the SatAbs model checker. Second, the thesis describes the implementation of several components for supporting buffer overflow analysis in the YASM software model-checker.
منابع مشابه
A Buffer Overflow Benchmark for Software Model Checkers (Short Paper)
Software model checking based on abstraction-refinement has recently achieved widespread success in verifying API conformance in device drivers, and we believe this success can be replicated for the problem of buffer overflow detection. This paper presents a publicly-available benchmark suite to help guide and evaluate this research. The benchmark consists of 298 code fragments of varying compl...
متن کاملGurfinkel A thesis submitted in conformity with the requirements for the degree of Master of Science
Multi-Valued Symbolic Model-Checking: Fairness, Counter-Examples, Running Time Arie Gurfinkel Master of Science Graduate Department of Computer Science University of Toronto 2003 Multi-valued model-checking is an effective technique for reasoning about systems with incomplete or inconsistent information. In particular, it is well suited for reasoning about abstract, partial, and feature-based s...
متن کاملReachability checking in complex and concurrent software systems using intelligent search methods
Software system verification is an efficient technique for ensuring the correctness of a software product, especially in safety-critical systems in which a small bug may have disastrous consequences. The goal of software verification is to ensure that the product fulfills the requirements. Studies show that the cost of finding and fixing errors in design time is less than finding and fixing the...
متن کاملRICB: Integer Overflow Vulnerability Dynamic Analysis via Buffer Overflow
Integer overflow vulnerability will cause buffer overflow. The research on the relationship between them will help us to detect integer overflow vulnerability. We present a dynamic analysis methods RICB (Runtime Integer Checking via Buffer overflow). Our approach includes decompile execute file to assembly language; debug the execute file step into and step out; locate the overflow points and c...
متن کاملTHE APPLICATION OF DATA ENVELOPMENT ANALYSIS METHODOLOGY TO IMPROVE THE BENCHMARKING PROCESS IN THE EFQM BUSINESS MODEL (CASE STUDY: AUTOMOTIVE INDUSTRY OF IRAN)
This paper reports a survey and case study research outcomes on the application of Data Envelopment Analysis (DEA) to the ranking method of European Foundation for Quality Management (EFQM) Business Excellence Model in Iran’s Automotive Industry and improving benchmarking process after assessment. Following the global trend, the Iranian industry leaders have introduced the EFQM practice to thei...
متن کامل