ABSTRACT
Buffer overflows cause serious problems in different categories of software systems. For example, if present in network or security applications, they can be exploited to gain unauthorized privileges or access to the system. In embedded systems, such as avionics or automotive systems, they can be the cause of serious accidents.

This paper proposes to combine static analysis and program slicing with evolutionary testing to detect buffer overflow threats. Static analysis identifies vulnerable statements, while slicing and data dependency analysis identify the relationship between these statements and program or function inputs, thus reducing the search space.

To guide the search towards discovering buffer overflows, in this work we define three multi-objective fitness functions and compare them on two open-source systems. These functions account for terms such as statement coverage, the coverage of vulnerable statements, the distance from buffer boundaries, and the coverage of unconstrained nodes of the control flow graph.
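As an added illustration of the search the abstract describes (constructed example code, not the paper's implementation and not its three fitness functions): a small Python genetic algorithm evolves inputs for a hypothetical, instrumented model of a C message handler that copies a message into a 16-byte buffer. The fitness combines the terms the abstract names (statement coverage, coverage of the statement flagged as vulnerable, distance from the buffer boundary) with a branch-distance term that pulls inputs toward the guard in front of the vulnerable copy; the modelled function, the buffer size, the weights and the guard term are all assumptions of this example, and the unconstrained-CFG-node term is not modelled.

```python
import random

BUF_SIZE = 16                  # assumed size of the fixed-size destination buffer
ALL_STATEMENTS = {0, 1, 2, 3, 4}
VULNERABLE_STATEMENTS = {3}    # statement a (simulated) static analysis would flag
ALPHABET = [chr(c) for c in range(32, 127)]   # printable ASCII input bytes


def model_function(data):
    """Instrumented model of a hypothetical C message handler (constructed):
         0: msg = read_message()
         1: if (msg[0] != 'N') goto 4      /* only 'N' messages are copied */
         2: prepare()
         3: strcpy(buf, msg + 1)           /* buf is BUF_SIZE bytes, no length check */
         4: return
    Returns (statements covered, bytes written into buf, guard distance)."""
    covered = {0, 1}
    if not data or data[0] != "N":
        # branch distance of the guard: how far the first byte is from 'N'
        dist = abs(ord(data[0]) - ord("N")) if data else 128
        covered.add(4)
        return covered, 0, dist
    covered.update({2, 3, 4})
    written = len(data)        # payload (len - 1) plus the terminating NUL
    return covered, written, 0


def overflows(data):
    """True when the modelled copy writes past the end of buf."""
    return model_function(data)[1] > BUF_SIZE


def fitness(data):
    """Combined fitness (weights are an assumption of this example):
    statement coverage, vulnerable-statement coverage, closeness to the
    buffer boundary, and a branch-distance term toward the guard that
    protects the vulnerable statement."""
    covered, written, dist = model_function(data)
    stmt_cov = len(covered) / len(ALL_STATEMENTS)
    vuln_cov = len(covered & VULNERABLE_STATEMENTS) / len(VULNERABLE_STATEMENTS)
    boundary = min(written / (BUF_SIZE + 1), 1.0)   # 1.0 once the write exceeds buf
    guard = 1.0 / (1.0 + dist)
    return stmt_cov + 2.0 * vuln_cov + 2.0 * boundary + guard


def mutate(data, rng):
    """One random edit: replace, insert or delete a byte."""
    op = rng.choice(("replace", "insert", "delete"))
    if op == "replace" and data:
        i = rng.randrange(len(data))
        return data[:i] + rng.choice(ALPHABET) + data[i + 1:]
    if op == "insert":
        i = rng.randint(0, len(data))
        return data[:i] + rng.choice(ALPHABET) + data[i:]
    if op == "delete" and len(data) > 1:
        i = rng.randrange(len(data))
        return data[:i] + data[i + 1:]
    return data


def search(seed=1, pop_size=40, generations=500, max_len=64):
    """Elitist genetic algorithm: returns (overflowing input, generation),
    or (None, generations) if the budget is exhausted."""
    rng = random.Random(seed)
    pop = ["".join(rng.choice(ALPHABET) for _ in range(rng.randint(1, 8)))
           for _ in range(pop_size)]
    for gen in range(generations):
        for ind in pop:
            if overflows(ind):          # the test objective: a confirmed overflow
                return ind, gen
        pop.sort(key=fitness, reverse=True)
        parents = pop[: pop_size // 4]  # keep the fittest quarter unchanged
        children = []
        while len(parents) + len(children) < pop_size:
            a, b = rng.choice(parents), rng.choice(parents)
            cut = rng.randint(0, min(len(a), len(b)))
            child = a[:cut] + b[cut:]   # one-point crossover
            if rng.random() < 0.8:
                child = mutate(child, rng)
            children.append(child[:max_len])
        pop = parents + children
    return None, generations


if __name__ == "__main__":
    found, gen = search()
    print("generation", gen, "overflowing input:", repr(found))
```

The gradient works in two stages: while no input reaches statement 3, only the guard term varies, so selection pushes the first byte toward the value that opens the vulnerable path; once the copy is reached, the vulnerable-coverage term dominates and the boundary term rewards longer payloads until one exceeds the buffer. On a real target the hand-written model would be replaced by the program built with coverage instrumentation and a runtime bounds checker, which is what turns a high-fitness input into a confirmed, reproducible overflow report.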
Index Terms
- Improving network applications security: a new heuristic to generate stress testing data