Abstract

Security vulnerabilities often result from buffer overflows. A testing technique that instruments programs with code that keeps track of memory buffers, and checks arguments to functions to determine if they satisfy certain conditions, warns when a buffer overflow may occur. It does so when executed with ”normal ” test data as opposed to test data designed to trigger buffer overflows. A tool using this method was developed and evaluated by testing three widely used, open source software packages. This evaluation shows that the tool is useful for finding buffer overflow flaws, that it has a low false positive rate, and compares well with other techniques. 1

Citations

1454	Aspect-oriented programming - Kiczales, Lamping, et al.
1040	W.G.: An overview of aspectJ - Kiczales, Hilsdale, et al. - 2001
327	A first step towards automated detection of buffer overrun vulnerabilities - Wagner, Foster, et al. - 2000
291	Purify: Fast Detection of Memory Leaks and Access Errors - Hastings, Joyce - 1992
189	An empirical study of the reliability of unix utilities - Miller, Fredriksen, et al. - 1990
166	Statically detecting likely buffer overflow vulnerabilities - Larochelle, Evans - 2001
126	Buffer overflows: Attacks and defenses for the vulnerability of the decade - Cowan, Wagle, et al. - 2000
114	With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988 - Eichin, Rochlis - 1989
92	Using AspectC to Improve the Modularity of Path-Specific Customization - Coady, Feeley, et al. - 2001
80	Fuzz Revisited: A Re-examination of the Reliability of UNIX Utilities and Services,” technical report - Miller, Koski, et al. - 1995
79	An empirical study of the robustness of Windows NT applications using random testing - Forrester, Miller - 2000
69	ITS4: A Static Vulnerability Scanner for C and C++ Code - Viega, Bloch, et al.
69	Building Secure Software - Viega, McGraw - 2001
63	GENOA: A customizable language- and front-end independent code analyzer - Devanbu - 1992
38	Mutation analysis - Acree, Budd, et al. - 1979
36	Cleanness checking of string manipulations in C programs via integer analysis - Dor, Rodeh, et al. - 2001
34	An automated approach for identifying potential vulnerabilities in software - Ghosh, OConnor, et al. - 1998
25	Property-based testing of privileged programs - Fink, Levitt - 1994
23	A step towards automated detection of buer overrun vulnerabilities - Wagner, Foster, et al. - 2000
22	Smashing the stack for fun and profit - AlephOne - 1996
17	Property based testing: A new approach to testing for assurance - Fink, Bishop - 1997
16	Vulnerability Testing of Software System Using Fault Injection - Du, Mathur - 1998
15	a C Program checker Computer Science - Lint - 1977
11	strlcpy and strlcat – consistent, safe string copy and concatenation - Miller, Raadt - 1999
10	and Theo de Raadt. strlcpy and strlcat – Consistent, Safe, String Copy and Concatenation - Miller - 1999
8	Towards a property-based testing environment with applications to security-critical software - Fink, Ko, et al. - 1994
8	A new security testing method and its application to the secure xenix kernel - Gligor, Chandersekaran, et al. - 1987
5	An interface language between specifications and testing - Fink, Helmke, et al. - 1995
5	Experience with a Penetration Analysis Method and Tool - Gupta, Gligor - 1992
5	Statically detecting likely buer over vulnerabilities - Larochelle, Evans - 2001
4	Smashing the stack for fun and pro - One - 1996
3	Buer Over Attacks and Defenses for the Vulnerability of the Decade - Cowan, Wagle, et al. - 1999
3	Analyzing Programs for Vulnerability to Bu er Overrun Attacks - GHOSH, O'CONNOR - 1998
2	The poisoned nul byte, post to the bugtraq mailing list - Kirch - 1998
2	The poisoned NUL byte," post to the bugtraq mailing list - Kirch - 1998
1	single-byte buffer overflow vulnerability in ftpd - developers - 2000
1	An interface language between speci and testing - Fink, Helmke, et al. - 1995
1	Single-byte buer over vulnerability in ftpd - developers - 2000