Tracking down software bugs using automatic anomaly detection
Proceedings of the 24th International Conference on Software Engineering
Improving Computer Security Using Extended Static Checking
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
AccMon: Automatically Detecting Memory-Related Bugs via Program Counter-Based Invariants
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Symbolic bounds analysis of pointers, array indices, and accessed memory regions
ACM Transactions on Programming Languages and Systems (TOPLAS)
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Proceedings of the 12th ACM conference on Computer and communications security
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
SigFree: a signature-free buffer overflow attack blocker
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Securing software by enforcing data-flow integrity
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Memsherlock: an automated debugger for unknown memory corruption vulnerabilities
Proceedings of the 14th ACM conference on Computer and communications security
The Daikon system for dynamic detection of likely invariants
Science of Computer Programming
Detecting buffer overflow via automatic test input data generation
Computers and Operations Research
Testing for buffer overflows with length abstraction
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Preventing Memory Error Exploits with WIT
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Mutation-Based Testing of Buffer Overflow Vulnerabilities
COMPSAC '08 Proceedings of the 2008 32nd Annual IEEE International Computer Software and Applications Conference
A compiler-hardware approach to software protection for embedded systems
Computers and Electrical Engineering
HSP: A solution against heap sprays
Journal of Systems and Software
Test data compression based on geometric shapes
Computers and Electrical Engineering
Fault diagnosis in reversible circuits under missing-gate fault model
Computers and Electrical Engineering
| Hi-index | 0.00 |
Program Buffer Overflow Defects (PBODs) are the stepping stones of Buffer Overflow Attacks (BOAs), which are one of the most dangerous security threats to the Internet. In this paper, we propose a kernel-based security testing tool, named ARMORY, for software engineers to detect PBODs automatically when they apply all kinds of testing, especially functional testing and unit testing, without increasing the testing workload. Besides, ARMORY does not need any attack instance, any training phase, or source code to finish its security testing. ARMORY can detect unknown PBODs. ARMORY not only can improve software quality, but also can reduce the amount of system resources used to protect a system. We implemented ARMORY in Linux kernel by modifying sys_read() system call and entry. S which deals all system call. Experimental results show that ARMORY can automatically detect PBODs when programmers test the functionality of their programs.