A Fuzzy Logic-Based Buffer Overflow Vulnerability Auditor

Buffer overflow (BOF) vulnerabilities in programs might result in unwanted consequences such as neighboring data corruption and execution of arbitrary code. To assure that implemented programs are free from BOF, auditing is a well known quality assurance method. Today, there exist few tools that aid...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing S. 137 - 144
Hauptverfasser: Shahriar, H., Zulkernine, M.
Format: Tagungsbericht
Sprache:Englisch
Veröffentlicht: IEEE 01.12.2011
Schlagworte:
Buffer overflow
Fuzzy logic
Fuzzy sets
Indexes
Libraries
Pragmatics
Security
vulnerability auditor
ISBN:9781467300063, 1467300063
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Buffer overflow (BOF) vulnerabilities in programs might result in unwanted consequences such as neighboring data corruption and execution of arbitrary code. To assure that implemented programs are free from BOF, auditing is a well known quality assurance method. Today, there exist few tools that aid an auditor to partially automate the task of BOF vulnerability auditing. These tools provide too many warnings that are often similar types to be dealt with and do not allow an auditor providing his/her opinions to better interpret the generated warnings. To improve the quality of warnings, we propose a fuzzy logic-based BOF vulnerability auditor. Our contribution includes the development of crisp BOF vulnerability characteristics and the corresponding fuzzy sets. We apply Mamdani style fuzzy inferences by developing sets of rules to infer the presence of BOF warning present in programs. Moreover, for the overall assessment of a program's vulnerability level, we design a multi-unit fuzzy logic-based system. The auditor has been evaluated with benchmark programs that contain BOF vulnerabilities. The results show that our auditor performs better compared to the existing auditing tools. The auditor can be used as a basis to assure the quality of a program against BOF vulnerabilities.
ISBN:9781467300063
1467300063
DOI:10.1109/DASC.2011.45