What Do We Know About Buffer Overflow Detection?: A Survey on Techniques to Detect A Persistent Vulnerability

Buffer overflow (BO) is a well-known and widely exploited security vulnerability. Despite the extensive body of research, BO is still a threat menacing security-critical applications. The authors present a comprehensive systematic review on techniques intended to detecting BO vulnerabilities before...

Full description

Saved in:
Bibliographic Details
Published in:International journal of systems and software security and protection Vol. 9; no. 3; pp. 1 - 33
Main Authors: Cruzes, Daniela Soares, Chaim, Marcos Lordello, Santos, Daniel Soares
Format: Journal Article
Language:English
Published: Hershey IGI Global 01.07.2018
Subjects:
Buffers
False alarms
Inspection
Program verification (computers)
Security
Software development
ISSN:2640-4265, 2640-4273
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Buffer overflow (BO) is a well-known and widely exploited security vulnerability. Despite the extensive body of research, BO is still a threat menacing security-critical applications. The authors present a comprehensive systematic review on techniques intended to detecting BO vulnerabilities before releasing a software to production. They found that most of the studies addresses several vulnerabilities or memory errors, being not specific to BO detection. The authors organized them in seven categories: program analysis, testing, computational intelligence, symbolic execution, models, and code inspection. Program analysis, testing and code inspection techniques are available for use by the practitioner. However, program analysis adoption is hindered by the high number of false alarms; testing is broadly used but in ad hoc manner; and code inspection can be used in practice provided it is added as a task of the software development process. New techniques combining object code analysis with techniques from different categories seem a promising research avenue towards practical BO detection.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:2640-4265
2640-4273
DOI:10.4018/IJSSSP.2018070101