Buffer Access Monitoring for Enhanced Buffer Overflow Detection in Fuzzing
Buffer overflows remain one of the most critical and widespread vulnerabilities in software systems. Traditional fuzzing techniques often lack the precision required to reliably detect buffer overflows. This paper presents BufferMonitor, a novel approach to enhancing buffer overflow detection by int...
Gespeichert in:
| Veröffentlicht in: | Proceedings - International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems S. 1 - 6 |
|---|---|
| Hauptverfasser: | , , |
| Format: | Tagungsbericht |
| Sprache: | Englisch |
| Veröffentlicht: |
IEEE
21.10.2024
|
| Schlagworte: | |
| ISSN: | 2375-0227 |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Abstract | Buffer overflows remain one of the most critical and widespread vulnerabilities in software systems. Traditional fuzzing techniques often lack the precision required to reliably detect buffer overflows. This paper presents BufferMonitor, a novel approach to enhancing buffer overflow detection by integrating a comprehensive buffer monitoring system into fuzzing frameworks. Using the LLVM compiler framework, we instrument the system under test to collect detailed memory access information, including the distance of each access from buffer boundaries. By prioritizing inputs that generate minimal distances to these boundaries, our method significantly improves the likelihood of detecting potential overflows. This approach not only increases the possibility of identifying buffer overflows but can also identify them with greater accuracy than AddressSanitizer. This provides a robust solution for enhancing software security. |
|---|---|
| AbstractList | Buffer overflows remain one of the most critical and widespread vulnerabilities in software systems. Traditional fuzzing techniques often lack the precision required to reliably detect buffer overflows. This paper presents BufferMonitor, a novel approach to enhancing buffer overflow detection by integrating a comprehensive buffer monitoring system into fuzzing frameworks. Using the LLVM compiler framework, we instrument the system under test to collect detailed memory access information, including the distance of each access from buffer boundaries. By prioritizing inputs that generate minimal distances to these boundaries, our method significantly improves the likelihood of detecting potential overflows. This approach not only increases the possibility of identifying buffer overflows but can also identify them with greater accuracy than AddressSanitizer. This provides a robust solution for enhancing software security. |
| Author | Schneider, Martin A. Josten, Silvan Barakat, Ramon |
| Author_xml | – sequence: 1 givenname: Ramon surname: Barakat fullname: Barakat, Ramon email: ramon.barakat@fokus.fraunhofer.de organization: Fraunhofer Institute for Open Communication Systems FOKUS,Berlin,Germany – sequence: 2 givenname: Silvan surname: Josten fullname: Josten, Silvan email: silvan.josten@fokus.fraunhofer.de organization: Fraunhofer Institute for Open Communication Systems FOKUS,Berlin,Germany – sequence: 3 givenname: Martin A. surname: Schneider fullname: Schneider, Martin A. email: martina.schneider@fokus.fraunhofer.de organization: Fraunhofer Institute for Open Communication Systems FOKUS,Berlin,Germany |
| BookMark | eNo1j8tOwzAURA0Cibb0D1hY7BOuH0nsZQgtD7XKomVdJfY1GBUHOSkV_XoqUVazmDNHmjG5CF1AQm4ZpIyBvluWq6per3IpOU85cJkyKFSeCXlGprrQSgiWCSYAzsmIiyJLgPPiioz7_gOAw7EckZf7nXMYaWkM9j1ddsEPXfThjbou0ll4b4JBS09U_Y3Rbbs9fcABzeC7QH2g893hcFxck0vXbHucnnJCXuezdfWULOrH56pcJJ4V-ZAwrRSTrXa5NoVqrWXKCNVIMKByCZlEDcZYZ1qLVgrTYptrZrUDJxSiERNy8-f1iLj5iv6ziT-b_-_iF9uHUes |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/MASCOTS64422.2024.10786534 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 9798331531300 |
| EISSN | 2375-0227 |
| EndPage | 6 |
| ExternalDocumentID | 10786534 |
| Genre | orig-research |
| GrantInformation_xml | – fundername: Horizon Europe funderid: 10.13039/100018693 – fundername: Fraunhofer-Gesellschaft funderid: 10.13039/501100003185 |
| GroupedDBID | 6IE 6IK 6IL AAJGR ACGFS ALMA_UNASSIGNED_HOLDINGS CBEJK M43 RIE RIL RNS |
| ID | FETCH-LOGICAL-i176t-198814b9f69c78bdd18c38a40c0864054e90ccdfcbded43cbeb691d9f0f38eec3 |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 0 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=001431496800033&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| IngestDate | Wed Aug 27 02:33:45 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i176t-198814b9f69c78bdd18c38a40c0864054e90ccdfcbded43cbeb691d9f0f38eec3 |
| PageCount | 6 |
| ParticipantIDs | ieee_primary_10786534 |
| PublicationCentury | 2000 |
| PublicationDate | 2024-Oct.-21 |
| PublicationDateYYYYMMDD | 2024-10-21 |
| PublicationDate_xml | – month: 10 year: 2024 text: 2024-Oct.-21 day: 21 |
| PublicationDecade | 2020 |
| PublicationTitle | Proceedings - International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems |
| PublicationTitleAbbrev | MASCOTS |
| PublicationYear | 2024 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0020153 |
| Score | 2.271784 |
| Snippet | Buffer overflows remain one of the most critical and widespread vulnerabilities in software systems. Traditional fuzzing techniques often lack the precision... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1 |
| SubjectTerms | buffer access monitoring Buffer overflows Computer security Fuzzing Instruments memory access information Monitoring Research and development Safety security testing Software reliability Software systems Telecommunications |
| Title | Buffer Access Monitoring for Enhanced Buffer Overflow Detection in Fuzzing |
| URI | https://ieeexplore.ieee.org/document/10786534 |
| WOSCitedRecordID | wos001431496800033&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LSwMxEA62ePDkq-KbHLxu3WTTPI5VW0S0FqrSW9m8sCBbqbsK_fVO0m3Fgwdvy5IsSyaTb2aSLx9CF4CwnAnvEkBzk0BInSZSM5pkNgd49NqLWNB_uReDgRyP1bAmq0cujHMuHj5z7fAY9_LtzFShVAYeLiTvZKyBGkLwJVlrnV0BrmX1raIkVZcP3REkxSOAexr4VpS1V71_6ahEGOlv__MHdlDrh5CHh2uo2UUbrthD2ytFBlw76D66u6qC3gnuRhlEvHTYULnDEJviXvEa9_tx3eoRprF_m33hG1fGE1kFnha4Xy0W0KOFnvu9p-vbpFZLSKZE8DIhSkrCtPJcGSG1tUSaTOYsNZC1QFjGnEqNsd5o6yzLjHaaK2KVT30mnTPZAWoWs8IdIkxpnvNOTnKqDYN4ENrAtx3VzvIOZK5HqBXGZvK-vBBjshqW4z_en6CtYIGw5FNyiprlvHJnaNN8ltOP-Xk04zdWB549 |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LTwIxEG4UTfSED4xve_C6uO12d9sjKgQVkAQ03sj2FUnMYpDVhF_vtCwYDx68NU3bNG0n38y0Xz-ELgFhE5ZaEwCaqwBc6jDgktEg0hnAo5U29Qn9507a6_GXF9EvyeqeC2OM8Y_PTN0V_V2-nqjCpcrAwlOexBFbRxsxYzRc0LVW8RUgW1T-K0pCcdVtDCAsHgDgU8e4oqy-7P9LScUDSav6zynsoNoPJQ_3V2Czi9ZMvoeqS00GXJroPrq_LpziCW54IUS8MFmXu8PgneJm_upv_HHZ6hEOsn2bfOFbM_NvsnI8znGrmM-hRw09tZrDm3ZQ6iUEY5Ims4AIzgmTwiZCpVxqTbiKeMZCBXELOGbMiFApbZXURrNISSMTQbSwoY24MSo6QJV8kptDhCnNsiTOSEalYuARQhsY21BpdBJD7HqEam5tRu-LLzFGy2U5_qP-Am21h93OqHPXezhB2243HABQcooqs2lhztCm-pyNP6bnfku_AcBUoYQ |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=Proceedings+-+International+Symposium+on+Modeling%2C+Analysis%2C+and+Simulation+of+Computer+and+Telecommunication+Systems&rft.atitle=Buffer+Access+Monitoring+for+Enhanced+Buffer+Overflow+Detection+in+Fuzzing&rft.au=Barakat%2C+Ramon&rft.au=Josten%2C+Silvan&rft.au=Schneider%2C+Martin+A.&rft.date=2024-10-21&rft.pub=IEEE&rft.eissn=2375-0227&rft.spage=1&rft.epage=6&rft_id=info:doi/10.1109%2FMASCOTS64422.2024.10786534&rft.externalDocID=10786534 |