The Cathedral and the Bazaar
Building dependable COTS microkernel-based systems using MAFALDA
PRDC '00 Proceedings of the 2000 Pacific Rim International Symposium on Dependable Computing
Comparing Operating Systems Using Robustness Benchmarks
SRDS '97 Proceedings of the 16th Symposium on Reliable Distributed Systems
Emulation of Software Faults by Educated Mutations at Machine-Code Level
ISSRE '02 Proceedings of the 13th International Symposium on Software Reliability Engineering
RAD: A Compile-Time Solution to Buffer Overflow Attacks
ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Static analysis of executables to detect malicious patterns
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Transparent run-time defense against stack smashing attacks
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
Towards availability benchmarks: a case study of software raid systems
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
A dependability benchmark for OLTP application environments
VLDB '03 Proceedings of the 29th international conference on Very large data bases - Volume 29
Hi-index | 0.00 |
This paper presents a methodology for the automated detection of buffer overflow vulnerabilities in executable software. Buffer overflow exploitation has been used by hackers to breach security or simply to crash computer systems. The mere presence inside the software code of a vulnerability that allows for buffer overflow exploitations presents a serious risk. So far, all methodologies devised to mitigate this problem assume source code availability or prior knowledge on vulnerable functions. Our methodology removes this dependency and allows the analysis of executable code without any knowledge about its internal structure. This independence is fundamental for relevant scenarios such as COTS selection during system integration (for which source code is usually not available), and the definition of attackloads for dependability benchmarking.