Mutation-Based Testing of Integer Overflow Vulnerabilities

Bibliographic details
Published in: 2009 5th International Conference on Wireless Communications, Networking and Mobile Computing, pp. 1 - 4
Main authors: Fanping Zeng, Liangliang Mao, Zhide Chen, Qing Cao
Format: Conference paper
Language: English
Published: IEEE 01.09.2009
ISBN: 9781424436927, 1424436923, 1424436915, 9781424436910
ISSN: 2161-9646
Description
Summary: Integer overflow vulnerabilities are a common kind of software vulnerability; there has been no effective way to detect integer overflow vulnerabilities. Because of the lack of dynamic execution, static analysis cannot determine the run-time distribution of memory, and may miss the detection of possible security issues; source code auditing is an expensive and time-consuming process. Although mutation analysis has been applied to testing ANSI C programs, and lots of mutation operators have been designed with respect to specific questions, there are no operators specifically designed for integer overflow. In this paper, we propose some new mutation operators to force the generation of an adequate test data set for integer overflow vulnerabilities. The results indicate that the proposed operators are effective for detecting integer overflow vulnerabilities.
DOI: 10.1109/WICOM.2009.5302048