Title :
A highly automated binary software vulnerability risk evaluation method for off-by-one stack based buffer overflow
Author :
Ke Yan;Dong Liu;Fanzhi Meng
Author_Institution :
New Generation of Information Technology Center, Institute of Computer Application, China Academy of Engineering Physics, Mianyang, China
Abstract :
Software off-by-one stack based buffer overflow vulnerability may enable attacker to execute arbitrary code via a malformed input, causing persistent threat to computer and communication systems. However, current risk evaluation method is time-consuming and requires a group of people with security knowledge. This paper takes an insight investigation and presents a novel black-box off-by-one stack-based buffer overflow risk evaluation method to deal with the problem. The proposed method is able to bypass the labor-intensive task of in-depth manual program analysis. The proposed method is also easy to deploy and highly automated. Experimental results on both self-developed and real software proved the effectiveness.
Keywords :
"Buffer overflows","Software","Registers","Security","Layout","Computers"
Conference_Titel :
Computer and Communications (ICCC), 2015 IEEE International Conference on
Print_ISBN :
978-1-4673-8125-3
DOI :
10.1109/CompComm.2015.7387532