Abstract

Security vulnerabilities often result from buffer overflows. A testing technique that instruments programs with code that keeps track of memory buffers, and checks arguments to functions to determine if they satisfy certain conditions, warns when a buffer overflow may occur. It does so when executed with ”normal ” test data as opposed to test data designed to trigger buffer overflows. A tool using this method was developed and evaluated by testing three widely used, open source software packages. This evaluation shows that the tool is useful for finding buffer overflow flaws, that it has a low false positive rate, and compares well with other techniques. 1

Citations

1532	Aspect-oriented programming - Kiczales, Lamping, et al. - 1997
1080	An overview of AspectJ - Kiczales, Hilsdale, et al. - 2001
339	A first step towards automated detection of buffer overrun vulnerabilities - Wagner, Foster, et al. - 2000
303	Purify: Fast detection of memory leaks and access errors - Hastings, Joyce - 1991
196	Empirical study of the reliability of unix utilities - Miller, Fredricksen, et al. - 1990
169	Statically Detecting Likely Buffer Overflow Vulnerabilities - Larochelle, Evans - 2001
131	Buffer overflows: Attacks and defenses for the vulnerability of the decade - Cowan, Wagle, et al.
116	With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988 - Eichin, Rochlis - 1989
98	Using AspectC to improve the modularity of path-specific customization in operating system code - COADY, KICZALES, et al.
82	An Empirical Study of the Robustness of Windows NT Applications Using Random Testing - Forrester, Miller - 2000
81	Fuzz revisited: A re-examination of the reliability of UNIX utilities and services - Miller, Koski, et al. - 1995
72	ITS4: A static vulnerability scanner for c and c++ code - Viega, Bloch, et al. - 2000
71	Building Secure Software - Viega, McGraw - 2002
63	GENOA a customizable, language- and front--end independent code analyzer - Devanbu - 1992
42	Mutation analysis - Acree, Budd, et al. - 1979
38	Cleanness Checking of String Manipulations in C Programs via Integer Analysis - Dor, Rodeh, et al.
37	An automated approach for identifying potential vulnerabilities in software - Ghosh, O’Connor, et al. - 1998
25	Property-based testing of privileged programs - Fink, Levitt - 1994
23	A step towards automated detection of buer overrun vulnerabilities - Wagner, Foster, et al. - 2000
22	Smashing the stack for fun and profit - AlephOne - 1996
17	Property based testing: A new approach to testing for assurance - Fink, Bishop - 1997
17	Vulnerability testing of software system using fault injection - Du, Mathur - 1998
15	a C program checker. Computer Science - Lint - 1978
11	strlcpy and strlcat – consistent, safe string copy and concatenation - Miller, Raadt - 1999
10	Toward a Property-based Testing Environment with Application to Security Critical Software - Fink, Ko, et al. - 1994
10	and Theo de Raadt. strlcpy and strlcat – Consistent, Safe, String Copy and Concatenation - Miller - 1999
8	A new security testing method and its application to the secure xenix kernel - Gligor, Chandersekaran, et al. - 1987
5	An interface language between specifications and testing - Fink, Helmke, et al. - 1995
5	Experience with a Penetration Analysis Method and Tool - Gupta, Gligor - 1992
5	Statically detecting likely buer over vulnerabilities - Larochelle, Evans - 2001
4	Smashing the stack for fun and pro - One - 1996
3	Buer Over Attacks and Defenses for the Vulnerability of the Decade - Cowan, Wagle, et al. - 1999
3	Analyzing Programs for Vulnerability to Bu er Overrun Attacks - GHOSH, O'CONNOR - 1998
2	The poisoned nul byte, post to the bugtraq mailing list - Kirch - 1998
2	The poisoned NUL byte," post to the bugtraq mailing list - Kirch - 1998
1	single-byte buffer overflow vulnerability in ftpd - developers - 2000
1	An interface language between speci and testing - Fink, Helmke, et al. - 1995
1	Single-byte buer over vulnerability in ftpd - developers - 2000