Constraint-Based Testing for Buffer Overflows

  • Loui Al SardyEmail author
  • Francesca SagliettiEmail author
  • Tong Tang
  • Heiko Sonnenberg
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11094)


This article proposes two heuristic approaches targeted at the optimized generation of test cases capable of triggering buffer overflows resp. underflows. Both testing techniques are based on guiding conditions statically derived by Integer Constraint Analysis. First experimental evaluations confirmed the superiority of local optimization algorithms over global ones.


Software vulnerability Buffer overflow Integer Constraint Analysis Testing technique Global optimization Local optimization 



The authors gratefully acknowledge that a major part of the work presented was supported by the German Federal Ministry for Economic Affairs and Energy (BMWi), project no. 1501502C (SMARTEST). They also thank Marc Spisländer for his support in providing the code examples considered in this article.


  1. 1.
    Al Sardy, L., Tang, T., Spisländer, M., Saglietti, F.: Analysis of potential code vulnerabilities involving overlapping instructions. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10489, pp. 103–113. Springer, Cham (2017). Scholar
  2. 2.
    Andriesse, D., Bos, H.: Instruction-level steganography for covert trigger-based malware. In: Dietrich, S. (ed.) DIMVA 2014. LNCS, vol. 8550, pp. 41–50. Springer, Cham (2014). Scholar
  3. 3.
    Chess, B., McGraw, G.: Static analysis for security. In: IEEE Security & Privacy, vol. 2, pp. 76–79. IEEE (2004).
  4. 4.
    Del Grosso, C., Antoniol, G., Merlo, E., Galinier, P.: Detecting buffer overflow via automatic test input data generation. In: Computers & Operations Research, vol. 35, pp. 3125–3143. Elsevier (2008)Google Scholar
  5. 5.
    Department of Homeland Security (U.S.): Annual Vulnerability Coordination Report. National Cybersecurity and Communications Integration Center/Industrial Control Systems Cyber Emergency Response Team (2016)Google Scholar
  6. 6.
    Dor, N., Rodeh, M., Sagiv, M.: Cleanness checking of string manipulations in C programs via integer analysis. In: Cousot, P. (ed.) SAS 2001. LNCS, vol. 2126, pp. 194–212. Springer, Heidelberg (2001). Scholar
  7. 7.
    Dor, N., Rodeh, M., Sagiv, M.: CSSV: towards a realistic tool for statically detecting all buffer overflows. In: Programming Language Design and Implementation (PLDI), vol. 38, pp. 155–167. ACM (2003).
  8. 8.
    Evans, D., Larochelle, D.: Improving security using extensible lightweight static analysis. IEEE Softw. 19, 42–51 (2002). Scholar
  9. 9.
    Foster, J.C., Osipov, V., Bhalla, N., Heinen, N.: Buffer Overflow Attacks: Detect, Exploit, Prevent. Syngress, Rockland (2005)Google Scholar
  10. 10.
    Haugh, E., Bishop, M.: Testing C programs for buffer overflow vulnerabilities. In: Network and Distributed System Security Symposium (2003)Google Scholar
  11. 11.
    International Organization for Standardization (ISO): Programming Languages ─ C, International Standard ISO/ IEC 9899:TC3 (E). ISO (2007).
  12. 12.
    Jämthagen, C., Lantz, P., Hell, M.: Exploiting trust in deterministic builds. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9922, pp. 238–249. Springer, Cham (2016). Scholar
  13. 13.
    Larochelle, D., Evans D.: Statically detecting likely buffer overflow vulnerabilities. In: 10th Conference on USENIX Security Symposium, vol. 10, pp. 177–190. ACM (2001)Google Scholar
  14. 14.
    Le. W., Soffa, M.L.: Marple: a Demand-driven path-sensitive buffer overflow detector. In: 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering. ACM (2008).
  15. 15.
    Lhee, K., Chapin, S.: Buffer overflow and format string overflow vulnerabilities. J. Softw. Pract. Exp. 33, 423–460 (2003).
  16. 16.
    Oster, N., Saglietti, F.: Automatic test data generation by multi-objective optimisation. In: Górski, J. (ed.) SAFECOMP 2006. LNCS, vol. 4166, pp. 426–438. Springer, Heidelberg (2006). Scholar
  17. 17.
    Padmanabhuni, B.M., Tan, H.B.K.: Auditing buffer overflow vulnerabilities using hybrid static–dynamic analysis. In: 38th Annual International Computers, Software and Applications Conference, vol. 10, pp. 54–61 (2014).
  18. 18.
    Saglietti, F., Meitner, M., von Wardenburg, L., Richthammer, V.: Analysis of informed attacks and appropriate countermeasures for cyber-physical systems. In: Skavhaug, A., Guiochet, J., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9923, pp. 222–233. Springer, Cham (2016). Scholar
  19. 19.
    Schneider Electric Software Security Response Center: InduSoft Web Studio and InTouch Machine Edition – Remote Code Execution Vulnerability, Security Bulletin LFSEC00000125 (2018)Google Scholar
  20. 20.
    Shahriar, H., Zulkernine, M.: Classification of static analysis-based buffer overflow detectors. In: 4th International Conference on Secure Software Integration and Reliability Improvement Companion (SSIRI-C). IEEE (2010).
  21. 21.
    Shahriar, H., Zulkernine, M.: Mutation-based testing of buffer overflow vulnerabilities. In: Computer Software and Applications (COMPSAC 2008), pp. 979–984. IEEE (2008)Google Scholar
  22. 22.
    Tracey, N., Clark, J., Mander, K., McDermid, J.: An automated framework for structural test-data generation. In: 13th IEEE International Conference on Automated Software Engineering, pp. 285–288. IEEE (1998).
  23. 23.
    Wagner, D., Foster, J.S., Brewer, E.A., Aiken, A.: A first step towards automated detection of buffer overrun vulnerabilities. In: Network and Distributed System Security Symposium (NDSS), pp. 3–17 (2000)Google Scholar
  24. 24.
    Wegener, J., Baresel, A., Sthamer, H.: Evolutionary test environment for automatic structural testing. In: Information and Software Technology, vol. 43, pp. 841–854. Elsevier (2001).
  25. 25.
    Weiser, M.: Program slicing. In: 5th International Conference on Software Engineering, pp. 439–449. IEEE Press (1981)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Software Engineering (Informatik 11)University of Erlangen-NurembergErlangenGermany

Personalised recommendations