Mutation-Based Testing of Integer Overflow Vulnerabilities
Integer overflow vulnerability is a kind of common software vulnerabilities, there has been no effective way to detect integer overflow vulnerabilities. Because of the lack of dynamic execution, static analysis can not determine the run-time distribution of memory, and may miss the detection of poss...
Uložené v:
| Vydané v: | 2009 5th International Conference on Wireless Communications, Networking and Mobile Computing s. 1 - 4 |
|---|---|
| Hlavní autori: | , , , |
| Médium: | Konferenčný príspevok.. |
| Jazyk: | English |
| Vydavateľské údaje: |
IEEE
01.09.2009
|
| Predmet: | |
| ISBN: | 9781424436927, 1424436923, 1424436915, 9781424436910 |
| ISSN: | 2161-9646 |
| On-line prístup: | Získať plný text |
| Tagy: |
Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
|
| Abstract | Integer overflow vulnerability is a kind of common software vulnerabilities, there has been no effective way to detect integer overflow vulnerabilities. Because of the lack of dynamic execution, static analysis can not determine the run-time distribution of memory, and may miss the detection of possible security issues; source code auditing is an expensive and time consuming process. Although there has been applying mutation analysis for testing ANSI C programs, and lots of mutation operators have been designed with respect to specific questions, there are not any of operators specifically designed for integer overflow. In this paper, we propose some new mutation operators to force the generation of adequate test data set for integer overflow vulnerabilities. The results indicate that the proposed operators are effective for detecting integer overflow vulnerabilities. |
|---|---|
| AbstractList | Integer overflow vulnerability is a kind of common software vulnerabilities, there has been no effective way to detect integer overflow vulnerabilities. Because of the lack of dynamic execution, static analysis can not determine the run-time distribution of memory, and may miss the detection of possible security issues; source code auditing is an expensive and time consuming process. Although there has been applying mutation analysis for testing ANSI C programs, and lots of mutation operators have been designed with respect to specific questions, there are not any of operators specifically designed for integer overflow. In this paper, we propose some new mutation operators to force the generation of adequate test data set for integer overflow vulnerabilities. The results indicate that the proposed operators are effective for detecting integer overflow vulnerabilities. |
| Author | Fanping Zeng Liangliang Mao Zhide Chen Qing Cao |
| Author_xml | – sequence: 1 surname: Fanping Zeng fullname: Fanping Zeng organization: Dept. of Comput., Univ. of Sci. & Technol. of China, Hefei, China – sequence: 2 surname: Liangliang Mao fullname: Liangliang Mao organization: Dept. of Comput., Univ. of Sci. & Technol. of China, Hefei, China – sequence: 3 surname: Zhide Chen fullname: Zhide Chen organization: Dept. of Comput., Univ. of Sci. & Technol. of China, Hefei, China – sequence: 4 surname: Qing Cao fullname: Qing Cao organization: Dept. of Comput., Univ. of Sci. & Technol. of China, Hefei, China |
| BookMark | eNpVkEFPg0AUhNfYJraVP6AX_gD43u4Ddr0pqUrShgvRY7PAo1mDYIBq_PeS2Itzmczhm2RmLRZd37EQNwghIpi7tyzN96EEMGGkQALpC-GZRCNJIhUbRZf_skwWYiUxxsDEFC_Feka1QdSor4Q3ju8wiyJpgFbifn-a7OT6Lni0I9d-wePkuqPfN37WTXzkwc-_eGja_tt_PbUdD7Z0rZscj9di2dh2ZO_sG1E8bYv0Jdjlz1n6sAucgSnASmnARkUEtTVaRmQTWZJhTWWFpZZKUhXVEMvEQq2ViZJKmxigQlLzIrURt3-1jpkPn4P7sMPP4fyE-gW6mU0o |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/WICOM.2009.5302048 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE Xplore IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Xplore url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering |
| EISBN | 9781424436934 1424436931 |
| EndPage | 4 |
| ExternalDocumentID | 5302048 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IF 6IK 6IL 6IN AAJGR AAWTH ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IEGSK IPLJI M43 OCL RIE RIL |
| ID | FETCH-LOGICAL-i90t-1c3801f3540da98254a72b49e84bc1b82324c5d0627a0d83957c89600c1434243 |
| IEDL.DBID | RIE |
| ISBN | 9781424436927 1424436923 1424436915 9781424436910 |
| ISSN | 2161-9646 |
| IngestDate | Wed Aug 27 01:50:33 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| LCCN | 2008911818 |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i90t-1c3801f3540da98254a72b49e84bc1b82324c5d0627a0d83957c89600c1434243 |
| PageCount | 4 |
| ParticipantIDs | ieee_primary_5302048 |
| PublicationCentury | 2000 |
| PublicationDate | 2009-Sept. |
| PublicationDateYYYYMMDD | 2009-09-01 |
| PublicationDate_xml | – month: 09 year: 2009 text: 2009-Sept. |
| PublicationDecade | 2000 |
| PublicationTitle | 2009 5th International Conference on Wireless Communications, Networking and Mobile Computing |
| PublicationTitleAbbrev | WICOM |
| PublicationYear | 2009 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0000452904 ssj0001764321 ssj0003177788 |
| Score | 1.4358219 |
| Snippet | Integer overflow vulnerability is a kind of common software vulnerabilities, there has been no effective way to detect integer overflow vulnerabilities.... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1 |
| SubjectTerms | Buffer overflow Computer languages Genetic mutations Runtime Security Software testing |
| Title | Mutation-Based Testing of Integer Overflow Vulnerabilities |
| URI | https://ieeexplore.ieee.org/document/5302048 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LT8JAEJ4A8aAXH2B8pwePrnTb0t31KJFoIo8DUW6k3W4JCWkNUv37zmwLQuLFW6d76W6n_eb5DcCtFsoLO8JnCE8BC3w3wf-gwheC6mNSLmId2UbhVzEYyMlEjWpwt-mFMcbY4jNzT5c2l5_kuqBQWZsm3KDG1aEuRFj2am3iKUQNrirXwsZXBGJtBU0kI04KYcdQemjkMBUG4brPyw8V72wJnr_mgqoW3V3ZE-vuG1e131-6w37Je1k93s6cFgtTvcP_bfAIWr_9fs5og2THUDPZCRxsURU24aFflEl79oi4lzhjYufIZk6eOhRUnJmlM8SvIl3k385bsSAua1t2i454C8a9p3H3mVVzF9hcuSvGtY-wlVJAKIkUeZCR8OJAGRnEmseSbDDdSYjfOHITSYk-LdERcjXaXnhE_ik0sjwzZ-Dw1It0LPHscS3SXKG5IBMutTQcXSF9Dk06hOlHyawxrfZ_8fftS9gvczlU4XUFjdWyMNewp79W88_ljVWHHyFmpEQ |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LT4NAEJ7UaqJefLTGtxw8imWBsrsebWza2NeBaG8NLEvTpAFTi_59Z4DWNvHijWEv7DLwzfMbgHvFpe01uWMiPLmm61gR_gclvhBUHx0zHqogbxTu8cFAjMdyVIGHdS-M1jovPtOPdJnn8qNUZRQqa9CEG9S4HdilyVllt9Y6okLk4LJ0LvIIC0e0LcGJZERKzvNBlDaaOab0XG_V6eV4kjU3BNtZsUGVi9a2bPNV_40lG-_d1rBfMF-WD7g1qSUHqvbR_7Z4DPXfjj9jtMayE6jo5BQON8gKa_DUz4q0vfmMyBcZPvFzJFMjjQ0KK071whjidxHP02_jLZsTm3VeeIuueB389ovf6pjl5AVzJq2lyZSDwBVTSCgKJPmQAbdDV2rhhoqFgqww1YyI4TiwIkGpPiXQFbIUWl94RM4ZVJM00edgsNgOVCjw7HEtUEyiwSAiJpTQDJ0hdQE1OoTJR8GtMSn3f_n37TvY7_j93qTXHbxewUGR2aF6r2uoLheZvoE99bWcfS5uc9X4AfEgp40 |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2009+5th+International+Conference+on+Wireless+Communications%2C+Networking+and+Mobile+Computing&rft.atitle=Mutation-Based+Testing+of+Integer+Overflow+Vulnerabilities&rft.au=Fanping+Zeng&rft.au=Liangliang+Mao&rft.au=Zhide+Chen&rft.au=Qing+Cao&rft.date=2009-09-01&rft.pub=IEEE&rft.isbn=9781424436927&rft.issn=2161-9646&rft.spage=1&rft.epage=4&rft_id=info:doi/10.1109%2FWICOM.2009.5302048&rft.externalDocID=5302048 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2161-9646&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2161-9646&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2161-9646&client=summon |