Abstract
This paper summarized the development of software remote buffer overflow flaw model and test technique concerned. Based on the analysis of the cause and principle of software remote buffer overflow, a software remote buffer overflow theory model and a logical analysis technique of network protocol session sequence were brought forth. Through introduction to black-box test method, an I/O test technique based on software remote buffer overflow model was presented to solve the following key problems, such as, position technique of software remote buffer overflow doubtful sites, analysis technique of error injection contents and detection technique of software remote buffer overflow. At last, an application system was completed, and experiment results show that the I/O test technique based on software remote buffer overflow model can effectively find and position the potential remote buffer-overflow flaws in system software.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Wang, T.t., Han, W., Wang, H.: Analyze model of softerware based on security flaw required. Computer sinc. 34(9) (2007)
Kallen, M.J., van Noortwijk, J.M.: Optimal periodic onspection of a deteriation process with sequential condition states. Int. J. Pressel Vessel Piping (in press) (this issue)
Byers, D., Ardi, S., Shahmehri, N., Duma, C.: Modeling Software Vulnerabilities With Vulnerability Cause Graphs. In: The 22nd IEEE International Conference on Software Maintenance (2006)
Viega, J., Bloch, J.T., Kohno, T., McCraw, G.: ITS4: A Static Vulnerability Scanner for C and C++ Code. Annual Computer Security Applications Conference (December 2000)
Evans, D., Guttag, J., Horning, J., Meng, Y.: LCLint: A Tool for Using Specification to Check Code. In: SIGSOFT Symposium on the Foundations of Software Engineering (December 1994)
larochelle, D., Evans, D.: Statically detecting linkly buffer overflow vulnerabilities. In: USENIX Security Symposium, Washington, D.C. (August 2001)
Xie, Y., Chou, A., Engler, D.: ARCHER: Using Symbolic, Pathsensitive Analysis to Detect Memory Access Errors. In: ESES/FSE 2003, Helsinki, Finland, September 1-5 (2003)
Dor, N., Rodeh, M., Sagiv, S.: CSSV: towards a realistic tool for statically detecting all buffer overflows. In: C.PLDI 2003, pp. 155–167 (2003)
Wagner, D.: Static Analysis and Comuter Security: New Technique for Software Assurance. PHD Dissertation, Fall (2000)
Ganapathy, V., Jha, S., Chandler, D., Melski, D., Vitek, D.: Buffer Overrun Detection using Linear Programming and Static Analysis. In: CCS 2003, Washington, DC, USA, October 27-30 (2003)
Hsugh, E., Bishop, M.: Testing C Programs for Buffer Overflow Vulnerabilities. In: The 10th Annual Network and Distributed System Security Symposium Catamaran Resort Hotel San Diego, California (February 2003)
Lhee, K.-s., Chapin, S.J.: Type-Assisted Dynamic Buffer Over-flow Detection. In: USENIX Security Symposium, pp. 81–88 (2002)
Cowan, C., Pu, C., Maier, D., hinton, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Proceedings of the 7th USENIX Security Symposium, San Antonio, TX, pp. 63–77. USENIX (January 1998)
StackShield, http://www.angelfire.com/sk/stackshield
Baratllo, A., Singh, N., Tsai, T.: Transparent runtime defense aganist stack smashing attacks. In: Proceedings of the 2000 USENIX Annual Technical Conference, pp. 251–262. USENIX, San Jose (2000)
SolarDesigner, Non-executable stack patch, http://www.openwall.com/linux
Niu, L.B., Liu, M.R.: Research on software defects classification. Chinese Journal of Application Research of Computers 21(6) (2004)
Ye, Y.Q., Li, H., Zheng, Y.F., Hong, X., Zheng, D.: Analysis of buffer overflow in binary files. Chinese Journal of Computer Engineering 32(16) (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, J. (2011). Research on Software Buffer Overflow Flaw Model and Test Technology. In: Zhiguo, G., Luo, X., Chen, J., Wang, F.L., Lei, J. (eds) Emerging Research in Web Information Systems and Mining. WISM 2011. Communications in Computer and Information Science, vol 238. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24273-1_26
Download citation
DOI: https://doi.org/10.1007/978-3-642-24273-1_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24272-4
Online ISBN: 978-3-642-24273-1
eBook Packages: Computer ScienceComputer Science (R0)