Buffer overflows cause serious problems in different categories of software systems. For example, if present in network or security applications, they can be exploited to gain unauthorized access to the system. In embedded systems, such as avionics or automotive systems, they can be the cause of serious accidents.

This paper proposes to combine static analysis and program slicing with evolutionary testing to detect buffer overflow threats. Static analysis identifies vulnerable statements, while slicing and data dependency analysis identify the relationship between these statements and program or function inputs, thus reducing the search space.

To guide the search towards discovering buffer overflows, in this work we define three multi-objective fitness functions and compare them on two open-source systems. These functions account for terms such as the statement coverage, the coverage of vulnerable statements, the distance from buffer boundaries and the coverage of unconstrained nodes of the control flow graph.