Authors: Sun Ding 1 ; Hee Beng Kuan Tan 1 and Hongyu Zhang 2

Affiliations: 1 Nanyang Technological University, Singapore ; 2 Tsinghua University, China

ISBN: 978-989-758-028-4

Keyword(s): Buffer Overflow, Static Analysis, Automatic Bug Fixing, Security Vulnerability.

Related Ontology Subjects/Areas/Topics: Communication and Software Technologies and Architectures ; Computer-Supported Education ; e-Business ; Energy and Economy ; Enterprise Information Systems ; Information Systems Analysis and Specification ; Information Technologies Supporting Learning ; Mobile and Pervasive Computing ; Security and Privacy ; Software Engineering ; Sustainable Computing and Communications ; Telecommunications ; Tools, Techniques and Methodologies for System Development

Abstract: Buffer overflow is one of the most commonly found significant security vulnerabilities. It may occur if a program does not sufficiently prevent input from exceeding its intended size or from accessing unintended memory locations. Researchers have put effort in different directions to address this vulnerability, including creating run-time defence mechanisms, proposing effective detection methods, and automatically modifying the original program to remove the vulnerabilities. These techniques share many commonalities and also have differences. In this paper, we characterize buffer overflow vulnerability in the form of four patterns and propose ABOR, a framework that integrates, extends and generalizes existing techniques to remove buffer overflow vulnerability more effectively and accurately. ABOR only patches identified code segments; thus it is an optimized solution that can eliminate buffer overflows while keeping a minimum runtime overhead. We have implemented the proposed approach and evaluated it through experiments on a set of benchmarks and three industrial C/C++ applications. The experiment result proves ABOR's effectiveness in practice.

Paper citation in several formats:
Ding S., Tan H. and Zhang H. (2014). Automatic Removal of Buffer Overflow Vulnerabilities in C/C++ Programs. In Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-758-028-4, pages 49-59. DOI: 10.5220/0004888000490059

@conference{iceis14,
author={Sun Ding and Hee Beng Kuan Tan and Hongyu Zhang},
title={Automatic Removal of Buffer Overflow Vulnerabilities in C/C++ Programs},
booktitle={Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 2: ICEIS},
year={2014},
pages={49-59},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004888000490059},
isbn={978-989-758-028-4},
}

TY - CONF

JO - Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 2: ICEIS
TI - Automatic Removal of Buffer Overflow Vulnerabilities in C/C++ Programs
SN - 978-989-758-028-4
AU - Ding S.
AU - Tan H.
AU - Zhang H.
PY - 2014
SP - 49
EP - 59
DO - 10.5220/0004888000490059
