ABSTRACT
Maintaining the security of our computer systems has become one of the dominant aspects of the war on terror, and many researchers and developers predict that the next attack against the United States will be a computer attack [5, 9, 11]. The Department of Homeland Security has established a partnership with industry, the United States Computer Readiness Team (US-CERT), to protect the nation's Internet infrastructure [2]. The US-CERT sponsors an automated, web-based repository of standards-based vulnerability data (NVD), which includes a database of security-related software flaws [3].
- Isabelle/HOL: a proof assistant for higher-order logic. Springer-Verlag, UK, 2002.
- The National Strategy to Secure Cyberspace. February 2003.
- The National Vulnerability Database. December 2008.
- N. Cooprider, W. Archer, E. Eide, D. Gay, and J. Regehr. Efficient memory safety for TinyOS. In SenSys '07: Proceedings of the 5th international conference on Embedded networked sensor systems, pages 205--218, New York, NY, USA, 2007. ACM.
- D. E. Denning. Is cyber terror next?, November 2001.
- E. Haugh and M. Bishop. Testing C programs for buffer overflow vulnerabilities. In Network and Distributed System Security Symposium (NDSS), 2003.
- G. Helmer. Incomplete list of Unix vulnerabilities.
- M. Sitaraman, D. P. Gandi, W. Küchlin, C. Sinz, and B. B. Weide. DEET for component-based software. In Proceedings of the 2004 SAVCBS Workshop, ACM SIGSOFT 2004/FSE-12, pages 95--104, Newport Beach, CA, Oct. 2004.
- A. C. Trembly. The next terrorist attack: Coming soon to a computer screen near you? October 2001.
- D. Wagner, J. S. Foster, E. A. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Network and Distributed System Security Symposium, pages 3--17, San Diego, CA, February 2000.
- C. Wilson. Computer attack and cyber terrorism: Vulnerabilities and policy issues for Congress. 2003.
Index Terms
- Detecting overflow vulnerabilities using automated verification