What Do We Know About Buffer Overflow Detection?: A Survey on Techniques to Detect A Persistent Vulnerability

Bibliographic Details
Published in: International journal of systems and software security and protection, Vol. 9, no. 3, pp. 1-33
Main Authors: Cruzes, Daniela Soares; Chaim, Marcos Lordello; Santos, Daniel Soares
Format: Journal Article
Language: English
Published: Hershey, IGI Global, 01.07.2018
ISSN: 2640-4265, 2640-4273
Abstract: Buffer overflow (BO) is a well-known and widely exploited security vulnerability. Despite the extensive body of research, BO is still a threat menacing security-critical applications. The authors present a comprehensive systematic review on techniques intended to detect BO vulnerabilities before releasing software to production. They found that most of the studies address several vulnerabilities or memory errors and are not specific to BO detection. The authors organized them in seven categories: program analysis, testing, computational intelligence, symbolic execution, models, and code inspection. Program analysis, testing and code inspection techniques are available for use by the practitioner. However, program analysis adoption is hindered by the high number of false alarms; testing is broadly used but in an ad hoc manner; and code inspection can be used in practice provided it is added as a task of the software development process. New techniques combining object code analysis with techniques from different categories seem a promising research avenue towards practical BO detection.
Author details:
1. Cruzes, Daniela Soares (Department of Software Engineering, Safety & Security, SINTEF Digital, Trondheim, Norway)
2. Chaim, Marcos Lordello (School of Arts, Sciences and Humanities, University of Sao Paulo, Sao Paulo, Brazil)
3. Santos, Daniel Soares (Institute of Mathematical Sciences and Computing, University of Sao Paulo, São Carlos, Brazil)
Copyright Copyright © 2018, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
DOI 10.4018/IJSSSP.2018070101
Discipline Computer Science
IsPeerReviewed true
IsScholarly true
ORCID 0000-0001-7157-5141
Subject terms: Buffers; False alarms; Inspection; Program verification (computers); Security; Software development
URI http://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/IJSSSP.2018070101
https://www.proquest.com/docview/2904239419