Welcome to the InfoSci Platform
Reference Hub3
What Do We Know About Buffer Overflow Detection?: A Survey on Techniques to Detect A Persistent Vulnerability

What Do We Know About Buffer Overflow Detection?: A Survey on Techniques to Detect A Persistent Vulnerability

Marcos Lordello Chaim, Daniel Soares Santos, Daniela Soares Cruzes
Copyright: © 2018 |Volume: 9 |Issue: 3 |Pages: 33
EISBN13: 9781522545187|ISSN: 2640-4265|EISSN: 2640-4273|DOI: 10.4018/IJSSSP.2018070101
Cite Article Cite Article

MLA

Chaim, Marcos Lordello, et al. "What Do We Know About Buffer Overflow Detection?: A Survey on Techniques to Detect A Persistent Vulnerability." IJSSSP vol.9, no.3 2018: pp.1-33. http://doi.org/10.4018/IJSSSP.2018070101

APA

Chaim, M. L., Santos, D. S., & Cruzes, D. S. (2018). What Do We Know About Buffer Overflow Detection?: A Survey on Techniques to Detect A Persistent Vulnerability. International Journal of Systems and Software Security and Protection (IJSSSP), 9(3), 1-33. http://doi.org/10.4018/IJSSSP.2018070101

Chicago

Chaim, Marcos Lordello, Daniel Soares Santos, and Daniela Soares Cruzes. "What Do We Know About Buffer Overflow Detection?: A Survey on Techniques to Detect A Persistent Vulnerability," International Journal of Systems and Software Security and Protection (IJSSSP) 9, no.3: 1-33. http://doi.org/10.4018/IJSSSP.2018070101

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

Buffer overflow (BO) is a well-known and widely exploited security vulnerability. Despite the extensive body of research, BO is still a threat menacing security-critical applications. The authors present a comprehensive systematic review on techniques intended to detecting BO vulnerabilities before releasing a software to production. They found that most of the studies addresses several vulnerabilities or memory errors, being not specific to BO detection. The authors organized them in seven categories: program analysis, testing, computational intelligence, symbolic execution, models, and code inspection. Program analysis, testing and code inspection techniques are available for use by the practitioner. However, program analysis adoption is hindered by the high number of false alarms; testing is broadly used but in ad hoc manner; and code inspection can be used in practice provided it is added as a task of the software development process. New techniques combining object code analysis with techniques from different categories seem a promising research avenue towards practical BO detection.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.