Modelling Binary Oriented Software Buffer-Overflow Vulnerability in Process Algebra

Software is ubiquitous in numerous industries, such as financial and commercial industries and military industries, playing the manager role to manipulate the data and equipment. Consequently, its vulnerabilities become great insecurity factors. To prevent the exploit of vulnerabilities, it is essential to study the characteristic of vulnerabilities, and a model to describe them is prerequisite. In this paper, a vulnerability modeling method BSVPA (Binary oriented Software Vulnerability in Process Algebra) is proposed. The concept of communication in Process Algebra is introduced to model the transition of data. Our method is binary oriented since the source code of most commercial software is unavailable, and it is more flexible with more concise presentation because of its fine-granularity. At last we give a case study to show more details about how BSVPA works.