The presence of buffer overflow (BOF) vulnerabilities in programs hampers essential security objectives such as confidentiality, integrity and availability. In particular, exploitation of BOF vulnerabilities might lead to many unwanted consequences, including denial of service through program crash, control flow hijacking, and corrupted program state. When BOF vulnerabilities are detected, they need to be patched before the software is redeployed. Automatic source-level patching of vulnerabilities faces the challenge of finding a set of general rules and applying them consistently without introducing side effects into the intended software. This paper proposes a set of general rules to address the mitigation of BOF vulnerabilities in C/C++ programs. In particular, we developed a set of rules for identifying vulnerable code and for making the code vulnerability-free. The proposed rule-based approach addresses both simple (one statement) and complex (multiple statements) forms of code that can be vulnerable to BOF, ranging from unsafe library function calls to pointer usage in control flow structures (loop and conditional statements). We evaluated the proposed approach using two publicly available benchmarks and a number of open source C/C++ applications. The results show that the proposed rules can not only identify previously known BOF vulnerabilities, but also find new vulnerabilities. Moreover, the patching rules impose negligible overhead on the application.