Auditing Buffer Overflow Vulnerabilities Using Hybrid Static-Dynamic Analysis

Despite being studied for more than two decades buffer overflow vulnerabilities are still frequently reported in programs. In this paper, we propose a hybrid approach that combines static and dynamic program analysis to audit buffer overflows. Using simple rules, test data are generated to automatic...

Full description

Saved in:
Bibliographic Details
Published in:Proceedings - International Computer Software & Applications Conference pp. 394 - 399
Main Authors: Padmanabhuni, Bindu Madhavi, Kuan Tan, Hee Beng
Format: Conference Proceeding Journal Article
Language:English
Published: IEEE 01.07.2014
Subjects:
Accuracy
Applications programs
Arrays
auditing
Benchmark testing
buffer overflow
Buffer overflows
Computer information security
Computer programs
Conferences
Data mining
Dynamic tests
Dynamics
input validation
Input variables
Manuals
Predictive models
Software
static and dynamic analysis
static code attributes
Vulnerability
ISSN:0730-3157
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Despite being studied for more than two decades buffer overflow vulnerabilities are still frequently reported in programs. In this paper, we propose a hybrid approach that combines static and dynamic program analysis to audit buffer overflows. Using simple rules, test data are generated to automatically confirm some of the vulnerabilities through dynamic analysis and the remaining cases are predicted by mining static code attributes. Confirmed cases can be directly fixed without further verification whereas predicted cases need to be manually reviewed to confirm existence of vulnerabilities. Since our approach combines the strengths of static and dynamic analyses, it results in an overall accuracy improvement. In our evaluation of approach using the standard benchmark suite, our classifiers achieved a recall over 92% and precision greater than 81%. The dynamic analysis component confirmed 51% of known vulnerabilities along with reporting 2 new bugs, thereby reducing by half, otherwise needed manual auditing effort.
Bibliography:ObjectType-Article-2
SourceType-Scholarly Journals-1
ObjectType-Conference-1
ObjectType-Feature-3
content type line 23
SourceType-Conference Papers & Proceedings-2
ISSN:0730-3157
DOI:10.1109/COMPSAC.2014.62