A Buffer Overflow Benchmark for Software Model Checkers (Short Paper)
نویسندگان
چکیده
Software model checking based on abstraction-refinement has recently achieved widespread success in verifying API conformance in device drivers, and we believe this success can be replicated for the problem of buffer overflow detection. This paper presents a publicly-available benchmark suite to help guide and evaluate this research. The benchmark consists of 298 code fragments of varying complexity capturing 22 buffer overflow vulnerabilities in 12 open source applications. We give a preliminary evaluation of the benchmark using the SatAbs model checker.
منابع مشابه
Model - Checking : Benchmarking and Techniques for Buffer Overflow Analysis by Kelvin Ku A thesis submitted in conformity with the requirements
Software Model-Checking: Benchmarking and Techniques for Buffer Overflow Analysis Kelvin Ku Master of Science Graduate Department of Computer Science University of Toronto 2008 Software model-checking based on abstraction-refinement has recently achieved widespread success in verifying critical properties of real-world device drivers. We believe this success can be replicated for the problem of...
متن کاملAutomated Generation of Buffer Overflow Quick Fixes Using Symbolic Execution and SMT
In many C programs, debugging requires significant effort and can consume a lot of time. Even if the bug’s cause is known, detecting a bug in such programs and generating a bug fix patch manually is a tedious task. In this paper, we present a novel approach used to generate bug fixes for buffer overflow automatically using static execution, code patch patterns, quick fix locations, user input s...
متن کاملInter-ring Traffic Management in Bridged Resilient Packet Rings: Global Fairness and Buffer Overflow Prevention
Resilient Packet Ring (RPR) is a dual-ring network, also known as the IEEE 802.17 Standard. As with other IEEE 802 networks, multiple RPR networks can be bridged together to form a bridged network when necessary. However, further research is necessary on additional issues that arise from bridging RPR networks. In this paper, we place emphasize on two of these issues; that is, fairness for inter...
متن کاملDynamic Buffer Overflow Detection
The capabilities of seven dynamic buffer overflow detection tools (Chaperon, Valgrind, CCured, CRED, Insure++, ProPolice and TinyCC) are evaluated in this paper. These tools employ different approaches to runtime buffer overflow detection and range from commercial products to opensource gcc-enhancements. A comprehensive testsuite was developed consisting of specifically-designed test cases and ...
متن کاملLow-Overhead Software Dynamic Translation
Software dynamic translation (SDT) is a technology that allows programs to be modified as they are running. The overhead of monitoring and modifying a running program’s instructions is often substantial in SDT. As a result SDT can be impractically slow, especially in SDT systems that do not or can not employ dynamic optimization to offset overhead. This is unfortunate since SDT has obvious adva...
متن کامل