DocumentCode
2847888
Title
Bodhi: Detecting Buffer Overflows with a Game
Author
Chen, Jie ; Mao, Xiaoguang
Author_Institution
Nat. Lab. for Parallel & Distrib. Process., Changsha, China
fYear
2012
fDate
20-22 June 2012
Firstpage
168
Lastpage
173
Abstract
Buffer overflow is one of the most dangerous and common vulnerabilities in CPS software. Despite static and dynamic analysis, manual analysis is still heavily used, which is useful but costly. Human computation harnesses humans' time and energy by way of playing games to solve computational problems. In this paper we propose a human computation method to detect buffer overflows that does not ask a person whether there is a potential vulnerability, but rather a random person's idea. We implement this method as a game called Bodhi in which each player is shown a code snippet and asked to choose whether their partner would think there is a buffer overflow vulnerability at a given position in the code. The purpose of the game is to make use of the rich distributed human resource to increase the effectiveness of manual detection for buffer overflows. The game has been proven to be efficient and enjoyable in practice.
Keywords
buffer storage; game theory; program debugging; program diagnostics; Bodhi; CPS software; buffer overflow vulnerability; buffer overflows detection; computational problems; dynamic analysis; game; human computation method; human resource; manual analysis; piece of code snippet; static analysis; Buffer overflow; Games; Humans; Manuals; Programming; Servers; Software; CPS; software vulnerability; buffer overflow; human computation; game;
fLanguage
English
Publisher
ieee
Conference_Titel
Software Security and Reliability Companion (SERE-C), 2012 IEEE Sixth International Conference on
Conference_Location
Gaithersburg, MD
Print_ISBN
978-1-4673-2670-4
Type
conf
DOI
10.1109/SERE-C.2012.35
Filename
6258465