Program Slicing Based Buffer Overflow Detection
Yingzhou Zhang, Wei Fu, Xiaofei Qian, Wei Chen
.
 DOI: 10.4236/jsea.2010.310113   PDF    HTML     4,864 Downloads   8,313 Views   Citations

Abstract

The development of the information technology has brought threats to human society when it has influenced seriously the global politics, economics and military etc. But among the security of information system, buffer overrun vulnerability is undoubtedly one of the most important and common vulnerabilities. This paper describes a new technology, named program slicing, to detect the buffer overflow leak in security-critical C code. First, we use slicing technology to analyze the variables which may be with vulnerability and extract the expressions which will bring memory overflow. Secondly, we utilize debug technology to get the size of memory applied by the variable and the size of memory used for these code segments (the slicing result) further. Therefore we can judge whether it will overflow according to the analysis above. According to the unique excellence of program slicing performing in the large-scale program’s debugging, the method to detect buffer overrun vulnerability described in this paper will reduce the workload greatly and locate the code sentences affected by corresponding variable set quickly, particularly including the potential vulnerability caused by parameter dependence among the subroutines.

Share and Cite:

Y. Zhang, W. Fu, X. Qian and W. Chen, "Program Slicing Based Buffer Overflow Detection," Journal of Software Engineering and Applications, Vol. 3 No. 10, 2010, pp. 965-971. doi: 10.4236/jsea.2010.310113.

Conflicts of Interest

The authors declare no conflicts of interest.

References

[1] “CERT/CC.Vulnerability Notes by Metric,” http://www.kb. cert.org/vuls/bymetric?open&start=1&count=20
[2] “US-CERT Recently Published Vulnerability Notes,” http://www.kb.cert.org/vuls/atomfeed?OpenView&start =1&count=30
[3] “Secure Software, Rough Auditing Tool for Security, (RATS),” Secure Software Inc, http://www.secure software.com
[4] J. Viega, J. T. Bloch, T. Kohno and G. McGraw, “ITS4: A Static Vulnerability Scanner for c and c++ Code,” Annual Computer Security Applications Conference, Hawaii, 2000, pp. 257-267.
[5] D. Evans and D. Larochelle, “Improving Security Using Extensible Lightweight Static Analysis,” IEEE Software, Vol. 19, No. 1, 2002, pp. 42-51.
[6] M. Weiser, “Program Slicing,” The IEEE Transactions on Software Engineering, Vol. 10, No. 4, 1984, pp. 352-357.
[7] Y.Z. Zhang and B. W. Xu, “A Novel Formal Approach to Program Slicing,” Science in China, Series E, Information Sciences, Vol. 38, No. 2, 2008, pp. 161-176.
[8] S. Horwitz, T. Reps and D. Binkley, “Interprocedural Slicing Using Dependence Graphs,” ACM Transaction on Programming Languages and Systems, Vol. 12, No. 1, pp. 26-60.
[9] “Zeta Debugger,” http://www.fyzor.com/debugger/index.htm

Journals Menu
Follow SCIRP
Contact us
+1 323-425-8868
customer@scirp.org
WhatsApp +86 18163351462(WhatsApp)
Click here to send a message to me 1655362766
Paper Publishing WeChat

Copyright © 2024 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.