DocumentCode
3517652
Title
An Evolutionary Computing Approach for Hunting Buffer Overflow Vulnerabilities: A Case of Aiming in Dim Light
Author
Rawat, Sanjay ; Mounier, Laurent
Author_Institution
Verimag Lab., Univ. Joseph Fourier, Gières, France
fYear
2010
fDate
28-29 Oct. 2010
Firstpage
37
Lastpage
45
Abstract
We propose an approach in the form of a lightweight smart fuzzer to generate string-based inputs to detect buffer overflow vulnerabilities in C code. The approach is based on an evolutionary algorithm which is a combination of a genetic algorithm and evolutionary strategies. In this preliminary work, we focus on the problem that there are constraints on string inputs that must be satisfied in order to reach the vulnerable statement in the code, and we have very little or no knowledge about them. Unlike other similar approaches, our approach is able to generate such inputs without knowing these constraints explicitly. It learns these constraints automatically while generating inputs dynamically by executing the vulnerable program. We provide a few empirical results on a benchmarking dataset, the Verisec suite of programs.
Keywords
benchmark testing; genetic algorithms; program testing; software reliability; C code; Verisec suite; buffer overflow vulnerabilities; dim light; evolutionary computing approach; evolutionary strategies; genetic algorithm; light weight smart fuzzer; Evolutionary computation; Gallium; Instruments; Performance analysis; Runtime; Security; Software; buffer overflow; data- and control-flow; evolutionary algorithm; fuzzing; vulnerability;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Network Defense (EC2ND), 2010 European Conference on
Conference_Location
Berlin
Print_ISBN
978-1-4244-9377-7
Type
conf
DOI
10.1109/EC2ND.2010.14
Filename
5663319