Identifying buffer overflow vulnerabilities based on binary code

Author

Ding, Shunli ; Yuan, Jingbo

Author_Institution

Northeastern Univ. at Qinhuangdao, Qinhuangdao, China

Volume

4

fYear

2011

fDate

10-12 June 2011

Firstpage

738

Lastpage

742

Abstract

Buffer overflow attack is the most common and arguably the most dangerous attack method. The buffer overflow detecting will play a significant role in network security filed. Various solutions have been developed to address the buffer overflow vulnerability problem. The paper presents a method that combines static analysis with dynamic test. By using the method we can identify a lot of potential weakness locations. A buffer overflow vulnerabilities testing system was developed. Using the system some PE-format files and dynamic link library files are detected respectively. The experiment results show that the method is feasibility and availability.

Keywords

binary codes; buffer storage; dynamic testing; file organisation; telecommunication security; PE-format files; binary code; buffer overflow attack; buffer overflow vulnerability; dynamic link library files; dynamic test; network security; static analysis; Assembly; Buffer overflow; Libraries; Registers; Security; Software; Testing; buffer overflow vulnerability; dynamic test; network security; static analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Science and Automation Engineering (CSAE), 2011 IEEE International Conference on

Conference_Location

Shanghai

Print_ISBN

978-1-4244-8727-1

Type

conf

DOI

10.1109/CSAE.2011.5952950

Filename

5952950