• DocumentCode
    3733995
  • Title

    A highly automated binary software vulnerability risk evaluation method for off-by-one stack based buffer overflow

  • Author

    Ke Yan;Dong Liu;Fanzhi Meng

  • Author_Institution
    New Generation of Information Technology Center, Institute of Computer Application, China Academy of Engineering Physics, Mianyang, China
  • fYear
    2015
  • Firstpage
    16
  • Lastpage
    20
  • Abstract
    Software off-by-one stack based buffer overflow vulnerability may enable attacker to execute arbitrary code via a malformed input, causing persistent threat to computer and communication systems. However, current risk evaluation method is time-consuming and requires a group of people with security knowledge. This paper takes an insight investigation and presents a novel black-box off-by-one stack-based buffer overflow risk evaluation method to deal with the problem. The proposed method is able to bypass the labor-intensive task of in-depth manual program analysis. The proposed method is also easy to deploy and highly automated. Experimental results on both self-developed and real software proved the effectiveness.
  • Keywords
    "Buffer overflows","Software","Registers","Security","Layout","Computers"
  • Publisher
    ieee
  • Conference_Titel
    Computer and Communications (ICCC), 2015 IEEE International Conference on
  • Print_ISBN
    978-1-4673-8125-3
  • Type

    conf

  • DOI
    10.1109/CompComm.2015.7387532
  • Filename
    7387532
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3733995