Abstract
This article proposes two heuristic approaches targeted at the optimized generation of test cases capable of triggering buffer overflows resp. underflows. Both testing techniques are based on guiding conditions statically derived by Integer Constraint Analysis. First experimental evaluations confirmed the superiority of local optimization algorithms over global ones.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Al Sardy, L., Tang, T., Spisländer, M., Saglietti, F.: Analysis of potential code vulnerabilities involving overlapping instructions. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10489, pp. 103–113. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66284-8_10
Andriesse, D., Bos, H.: Instruction-level steganography for covert trigger-based malware. In: Dietrich, S. (ed.) DIMVA 2014. LNCS, vol. 8550, pp. 41–50. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08509-8_3
Chess, B., McGraw, G.: Static analysis for security. In: IEEE Security & Privacy, vol. 2, pp. 76–79. IEEE (2004). https://doi.org/10.1109/msp.2004.111
Del Grosso, C., Antoniol, G., Merlo, E., Galinier, P.: Detecting buffer overflow via automatic test input data generation. In: Computers & Operations Research, vol. 35, pp. 3125–3143. Elsevier (2008)
Department of Homeland Security (U.S.): Annual Vulnerability Coordination Report. National Cybersecurity and Communications Integration Center/Industrial Control Systems Cyber Emergency Response Team (2016)
Dor, N., Rodeh, M., Sagiv, M.: Cleanness checking of string manipulations in C programs via integer analysis. In: Cousot, P. (ed.) SAS 2001. LNCS, vol. 2126, pp. 194–212. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-47764-0_12
Dor, N., Rodeh, M., Sagiv, M.: CSSV: towards a realistic tool for statically detecting all buffer overflows. In: Programming Language Design and Implementation (PLDI), vol. 38, pp. 155–167. ACM (2003). https://doi.org/10.1145/780822.781149
Evans, D., Larochelle, D.: Improving security using extensible lightweight static analysis. IEEE Softw. 19, 42–51 (2002). https://doi.org/10.1109/52.976940
Foster, J.C., Osipov, V., Bhalla, N., Heinen, N.: Buffer Overflow Attacks: Detect, Exploit, Prevent. Syngress, Rockland (2005)
Haugh, E., Bishop, M.: Testing C programs for buffer overflow vulnerabilities. In: Network and Distributed System Security Symposium (2003)
International Organization for Standardization (ISO): Programming Languages ─ C, International Standard ISO/ IEC 9899:TC3 (E). ISO (2007). http://www.open-std.org
Jämthagen, C., Lantz, P., Hell, M.: Exploiting trust in deterministic builds. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9922, pp. 238–249. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45477-1_19
Larochelle, D., Evans D.: Statically detecting likely buffer overflow vulnerabilities. In: 10th Conference on USENIX Security Symposium, vol. 10, pp. 177–190. ACM (2001)
Le. W., Soffa, M.L.: Marple: a Demand-driven path-sensitive buffer overflow detector. In: 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering. ACM (2008). https://doi.org/10.1145/1453101.1453137
Lhee, K., Chapin, S.: Buffer overflow and format string overflow vulnerabilities. J. Softw. Pract. Exp. 33, 423–460 (2003). https://doi.org/10.1002/spe.515
Oster, N., Saglietti, F.: Automatic test data generation by multi-objective optimisation. In: Górski, J. (ed.) SAFECOMP 2006. LNCS, vol. 4166, pp. 426–438. Springer, Heidelberg (2006). https://doi.org/10.1007/11875567_32
Padmanabhuni, B.M., Tan, H.B.K.: Auditing buffer overflow vulnerabilities using hybrid static–dynamic analysis. In: 38th Annual International Computers, Software and Applications Conference, vol. 10, pp. 54–61 (2014). https://doi.org/10.1109/compsac.2014.62
Saglietti, F., Meitner, M., von Wardenburg, L., Richthammer, V.: Analysis of informed attacks and appropriate countermeasures for cyber-physical systems. In: Skavhaug, A., Guiochet, J., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9923, pp. 222–233. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45480-1_18
Schneider Electric Software Security Response Center: InduSoft Web Studio and InTouch Machine Edition – Remote Code Execution Vulnerability, Security Bulletin LFSEC00000125 (2018)
Shahriar, H., Zulkernine, M.: Classification of static analysis-based buffer overflow detectors. In: 4th International Conference on Secure Software Integration and Reliability Improvement Companion (SSIRI-C). IEEE (2010). https://doi.org/10.1109/ssiri-c.2010.28
Shahriar, H., Zulkernine, M.: Mutation-based testing of buffer overflow vulnerabilities. In: Computer Software and Applications (COMPSAC 2008), pp. 979–984. IEEE (2008)
Tracey, N., Clark, J., Mander, K., McDermid, J.: An automated framework for structural test-data generation. In: 13th IEEE International Conference on Automated Software Engineering, pp. 285–288. IEEE (1998). https://doi.org/10.1109/ase.1998.732680
Wagner, D., Foster, J.S., Brewer, E.A., Aiken, A.: A first step towards automated detection of buffer overrun vulnerabilities. In: Network and Distributed System Security Symposium (NDSS), pp. 3–17 (2000)
Wegener, J., Baresel, A., Sthamer, H.: Evolutionary test environment for automatic structural testing. In: Information and Software Technology, vol. 43, pp. 841–854. Elsevier (2001). https://doi.org/10.1016/s0950-5849(01)00190-2
Weiser, M.: Program slicing. In: 5th International Conference on Software Engineering, pp. 439–449. IEEE Press (1981)
Acknowledgement
The authors gratefully acknowledge that a major part of the work presented was supported by the German Federal Ministry for Economic Affairs and Energy (BMWi), project no. 1501502C (SMARTEST). They also thank Marc Spisländer for his support in providing the code examples considered in this article.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Appendix
Appendix
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Al Sardy, L., Saglietti, F., Tang, T., Sonnenberg, H. (2018). Constraint-Based Testing for Buffer Overflows. In: Gallina, B., Skavhaug, A., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2018. Lecture Notes in Computer Science(), vol 11094. Springer, Cham. https://doi.org/10.1007/978-3-319-99229-7_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-99229-7_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-99228-0
Online ISBN: 978-3-319-99229-7
eBook Packages: Computer ScienceComputer Science (R0)