DMCA
Testing C programs for buffer overflow vulnerabilities (2003)
Cached
Download Links
- [www.isoc.org]
- [nob.cs.ucdavis.edu]
- [nob.cs.ucdavis.edu]
- [seclab.cs.ucdavis.edu]
- [washington.cs.ucdavis.edu]
- [seclab.cs.ucdavis.edu]
- [www.eecs.umich.edu]
- DBLP
Other Repositories/Bibliography
| Venue: | In Proceedings of the Network and Distributed System Security Symposium |
| Citations: | 42 - 1 self |
BibTeX
@INPROCEEDINGS{Haugh03testingc,
author = {Eric Haugh},
title = {Testing C programs for buffer overflow vulnerabilities},
booktitle = {In Proceedings of the Network and Distributed System Security Symposium},
year = {2003}
}
Share
 |
 |
 |
 |
||
OpenURL
Abstract
Security vulnerabilities often result from buffer overflows. A testing technique that instruments programs with code that keeps track of memory buffers, and checks arguments to functions to determine if they satisfy certain conditions, warns when a buffer overflow may occur. It does so when executed with ”normal ” test data as opposed to test data designed to trigger buffer overflows. A tool using this method was developed and evaluated by testing three widely used, open source software packages. This evaluation shows that the tool is useful for finding buffer overflow flaws, that it has a low false positive rate, and compares well with other techniques. 1
