Skip to main content
SpringerLink
Log in

Research on Software Buffer Overflow Flaw Model and Test Technology

  • Conference paper
Emerging Research in Web Information Systems and Mining (WISM 2011)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 238))

Included in the following conference series:

  • 908 Accesses

Abstract

This paper summarized the development of software remote buffer overflow flaw model and test technique concerned. Based on the analysis of the cause and principle of software remote buffer overflow, a software remote buffer overflow theory model and a logical analysis technique of network protocol session sequence were brought forth. Through introduction to black-box test method, an I/O test technique based on software remote buffer overflow model was presented to solve the following key problems, such as, position technique of software remote buffer overflow doubtful sites, analysis technique of error injection contents and detection technique of software remote buffer overflow. At last, an application system was completed, and experiment results show that the I/O test technique based on software remote buffer overflow model can effectively find and position the potential remote buffer-overflow flaws in system software.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Wang, T.t., Han, W., Wang, H.: Analyze model of softerware based on security flaw required. Computer sinc. 34(9) (2007)

    Google Scholar 

  2. Kallen, M.J., van Noortwijk, J.M.: Optimal periodic onspection of a deteriation process with sequential condition states. Int. J. Pressel Vessel Piping (in press) (this issue)

    Google Scholar 

  3. Byers, D., Ardi, S., Shahmehri, N., Duma, C.: Modeling Software Vulnerabilities With Vulnerability Cause Graphs. In: The 22nd IEEE International Conference on Software Maintenance (2006)

    Google Scholar 

  4. Viega, J., Bloch, J.T., Kohno, T., McCraw, G.: ITS4: A Static Vulnerability Scanner for C and C++ Code. Annual Computer Security Applications Conference (December 2000)

    Google Scholar 

  5. Evans, D., Guttag, J., Horning, J., Meng, Y.: LCLint: A Tool for Using Specification to Check Code. In: SIGSOFT Symposium on the Foundations of Software Engineering (December 1994)

    Google Scholar 

  6. larochelle, D., Evans, D.: Statically detecting linkly buffer overflow vulnerabilities. In: USENIX Security Symposium, Washington, D.C. (August 2001)

    Google Scholar 

  7. Xie, Y., Chou, A., Engler, D.: ARCHER: Using Symbolic, Pathsensitive Analysis to Detect Memory Access Errors. In: ESES/FSE 2003, Helsinki, Finland, September 1-5 (2003)

    Google Scholar 

  8. Dor, N., Rodeh, M., Sagiv, S.: CSSV: towards a realistic tool for statically detecting all buffer overflows. In: C.PLDI 2003, pp. 155–167 (2003)

    Google Scholar 

  9. Wagner, D.: Static Analysis and Comuter Security: New Technique for Software Assurance. PHD Dissertation, Fall (2000)

    Google Scholar 

  10. Ganapathy, V., Jha, S., Chandler, D., Melski, D., Vitek, D.: Buffer Overrun Detection using Linear Programming and Static Analysis. In: CCS 2003, Washington, DC, USA, October 27-30 (2003)

    Google Scholar 

  11. Hsugh, E., Bishop, M.: Testing C Programs for Buffer Overflow Vulnerabilities. In: The 10th Annual Network and Distributed System Security Symposium Catamaran Resort Hotel San Diego, California (February 2003)

    Google Scholar 

  12. Lhee, K.-s., Chapin, S.J.: Type-Assisted Dynamic Buffer Over-flow Detection. In: USENIX Security Symposium, pp. 81–88 (2002)

    Google Scholar 

  13. Cowan, C., Pu, C., Maier, D., hinton, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Proceedings of the 7th USENIX Security Symposium, San Antonio, TX, pp. 63–77. USENIX (January 1998)

    Google Scholar 

  14. StackShield, http://www.angelfire.com/sk/stackshield

  15. Baratllo, A., Singh, N., Tsai, T.: Transparent runtime defense aganist stack smashing attacks. In: Proceedings of the 2000 USENIX Annual Technical Conference, pp. 251–262. USENIX, San Jose (2000)

    Google Scholar 

  16. PaX, http://pageexec.virtualave.net

  17. SolarDesigner, Non-executable stack patch, http://www.openwall.com/linux

  18. Niu, L.B., Liu, M.R.: Research on software defects classification. Chinese Journal of Application Research of Computers 21(6) (2004)

    Google Scholar 

  19. Ye, Y.Q., Li, H., Zheng, Y.F., Hong, X., Zheng, D.: Analysis of buffer overflow in binary files. Chinese Journal of Computer Engineering 32(16) (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Distance Education Research Center of Shaanxi Province, 32, HanGuang North Road(Middle), Xi’an, Shaanxi Province, P.C 710068, China

    Junfeng Wang

Authors
  1. Junfeng Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer and Information Science, University of Macau, Taipa, Macau, China

    Gong Zhiguo

  2. School of Computer, Shanghai University, 200444, Shanghai, China

    Xiangfeng Luo

  3. School of Computer and Software, Taiyuan University of Technology, 030024, Taiyuan, China

    Junjie Chen

  4. Caritas Institute of Higher Education, 18 Chui Ling Road, Tseung Kwan, Hong Kong SAR, China

    Fu Lee Wang

  5. School of Computer and Information Engineering, Shanghai University of Electric Power, 200090, Shanghai, China

    Jingsheng Lei

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wang, J. (2011). Research on Software Buffer Overflow Flaw Model and Test Technology. In: Zhiguo, G., Luo, X., Chen, J., Wang, F.L., Lei, J. (eds) Emerging Research in Web Information Systems and Mining. WISM 2011. Communications in Computer and Information Science, vol 238. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24273-1_26

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-24273-1_26

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-24272-4

  • Online ISBN: 978-3-642-24273-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation