A Fuzzy Logic-Based Buffer Overflow Vulnerability Auditor
Buffer overflow (BOF) vulnerabilities in programs might result in unwanted consequences such as neighboring data corruption and execution of arbitrary code. To assure that implemented programs are free from BOF, auditing is a well known quality assurance method. Today, there exist few tools that aid...
Uloženo v:
| Vydáno v: | 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing s. 137 - 144 |
|---|---|
| Hlavní autoři: | , |
| Médium: | Konferenční příspěvek |
| Jazyk: | angličtina |
| Vydáno: |
IEEE
01.12.2011
|
| Témata: | |
| ISBN: | 9781467300063, 1467300063 |
| On-line přístup: | Získat plný text |
| Tagy: |
Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Abstract | Buffer overflow (BOF) vulnerabilities in programs might result in unwanted consequences such as neighboring data corruption and execution of arbitrary code. To assure that implemented programs are free from BOF, auditing is a well known quality assurance method. Today, there exist few tools that aid an auditor to partially automate the task of BOF vulnerability auditing. These tools provide too many warnings that are often similar types to be dealt with and do not allow an auditor providing his/her opinions to better interpret the generated warnings. To improve the quality of warnings, we propose a fuzzy logic-based BOF vulnerability auditor. Our contribution includes the development of crisp BOF vulnerability characteristics and the corresponding fuzzy sets. We apply Mamdani style fuzzy inferences by developing sets of rules to infer the presence of BOF warning present in programs. Moreover, for the overall assessment of a program's vulnerability level, we design a multi-unit fuzzy logic-based system. The auditor has been evaluated with benchmark programs that contain BOF vulnerabilities. The results show that our auditor performs better compared to the existing auditing tools. The auditor can be used as a basis to assure the quality of a program against BOF vulnerabilities. |
|---|---|
| AbstractList | Buffer overflow (BOF) vulnerabilities in programs might result in unwanted consequences such as neighboring data corruption and execution of arbitrary code. To assure that implemented programs are free from BOF, auditing is a well known quality assurance method. Today, there exist few tools that aid an auditor to partially automate the task of BOF vulnerability auditing. These tools provide too many warnings that are often similar types to be dealt with and do not allow an auditor providing his/her opinions to better interpret the generated warnings. To improve the quality of warnings, we propose a fuzzy logic-based BOF vulnerability auditor. Our contribution includes the development of crisp BOF vulnerability characteristics and the corresponding fuzzy sets. We apply Mamdani style fuzzy inferences by developing sets of rules to infer the presence of BOF warning present in programs. Moreover, for the overall assessment of a program's vulnerability level, we design a multi-unit fuzzy logic-based system. The auditor has been evaluated with benchmark programs that contain BOF vulnerabilities. The results show that our auditor performs better compared to the existing auditing tools. The auditor can be used as a basis to assure the quality of a program against BOF vulnerabilities. |
| Author | Zulkernine, M. Shahriar, H. |
| Author_xml | – sequence: 1 givenname: H. surname: Shahriar fullname: Shahriar, H. email: shahriar@cs.queensu.ca organization: Sch. of Comput., Queen's Univ., Kingston, ON, Canada – sequence: 2 givenname: M. surname: Zulkernine fullname: Zulkernine, M. email: mzulker@cs.queensu.ca organization: Sch. of Comput., Queen's Univ., Kingston, ON, Canada |
| BookMark | eNotjr1OwzAURo0ACSjZ2FjyAgn3xo4dj2loASlSByrWyo5vkFFIkJOA2qen_EzfOcvRd8XO-qEnxm4QUkTQd_flc5VmgJiK_IRFWhWgpM6FxEyc_joKqTgASH7BonF8gx-WGhRcMl3G6_lw2Mf18OqbZGlGcvFyblsK8eaTQtsNX_HL3PUUjPWdn_ZxOTs_DeGanbemGyn63wXbrlfb6jGpNw9PVVknXsOUFFKBlYjOZYQOeWONLRrUFpTIW62J1PFrZrRTmcp1RmDa3AgkklZKK_iC3f5lPRHtPoJ_N2G_OxYLLgX_Bh1gSG4 |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/DASC.2011.45 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EISBN | 9780769546124 0769546129 |
| EndPage | 144 |
| ExternalDocumentID | 6118364 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IF 6IK 6IL 6IN AAJGR AAWTH ADFMO ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK IEGSK IERZE OCL RIE RIL |
| ID | FETCH-LOGICAL-i90t-8670b611dd2e1d13cbab8c19b0745f99ee79542a9d727592e0af5a41ee6b66b43 |
| IEDL.DBID | RIE |
| ISBN | 9781467300063 1467300063 |
| IngestDate | Wed Aug 27 03:39:45 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i90t-8670b611dd2e1d13cbab8c19b0745f99ee79542a9d727592e0af5a41ee6b66b43 |
| PageCount | 8 |
| ParticipantIDs | ieee_primary_6118364 |
| PublicationCentury | 2000 |
| PublicationDate | 2011-Dec. |
| PublicationDateYYYYMMDD | 2011-12-01 |
| PublicationDate_xml | – month: 12 year: 2011 text: 2011-Dec. |
| PublicationDecade | 2010 |
| PublicationTitle | 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing |
| PublicationTitleAbbrev | dasc |
| PublicationYear | 2011 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0000669070 ssib026766178 |
| Score | 1.4965189 |
| Snippet | Buffer overflow (BOF) vulnerabilities in programs might result in unwanted consequences such as neighboring data corruption and execution of arbitrary code. To... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 137 |
| SubjectTerms | Buffer overflow Fuzzy logic Fuzzy sets Indexes Libraries Pragmatics Security vulnerability auditor |
| Title | A Fuzzy Logic-Based Buffer Overflow Vulnerability Auditor |
| URI | https://ieeexplore.ieee.org/document/6118364 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3PT8IwGP2CxIMnNWD8nR48OmnXrdt3BJR4QhKJ4Ub6awkJYQaZBv562wLTgxdv6y5rs2bv9dv33gO440xjqjl1ZxPuTbUljdDINDJCa51IVLEqQthENhzmkwmOGnBfa2GstaH5zD74y_Av35S68qWyjnBsmIvkAA6yTGy1Wvu9E4tMeLVbXV9xUOrOfTRouYQ3ZXdYvLd42o_rRnjsPHZf-1tDTy9s-hW0EnBmcPy_GZ5A-0ewR0Y1FJ1Cwy5agF0yqDabNfF5yjrqObwypFf5QBTy4nZwMS-_yFs1977ToUV2Tbpeo1Eu2zAePI37z9EuKSGaIV1Fucioco82JrbMMK6VVLlmqBw_SAtEazNMk1iicWwlxdhSWaQyYdYKJYRK-Bk0F-XCngMR7gPoWIIqqMkTXcQovLiWKxYrJh13vICWX_X0feuFMd0t-PLv21dwFGqwof3jGpqrZWVv4FB_rmYfy9vwAr8BVwSVWw |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3PT8IwGP2CaKInNWD8bQ8enXZd161HQAlGRBKJ4Ub6awkJYQaZBv562wLTgxdv6y5rs2bv9dv33gO4jkLFYxVhezaJnKm2wAHXIg40U0pRwSWRmQ-bSHq9dDjk_QrclFoYY4xvPjO37tL_y9e5Klyp7I5ZNhwxugXbMaUEr9Ram91DWMKc3q2ssFgwtSc_7NVczNmyWzTemDxtxmUrPL-7b7y2VpaeTtr0K2rFI017_39zPID6j2QP9UswOoSKmdaAN1C7WC4XyCUqq6BpEUujZuEiUdCL3cPZJP9Cb8XEOU_7JtkFajiVRj6rw6D9MGh1gnVWQjDmeB6kLMHSPlprYkIdRkoKmaqQS8sQ4oxzYxIeUyK4tnwl5sRgkcWChsYwyZik0RFUp_nUHANi9hNoeYLMsE6pyghnTl4byZDIUFj2eAI1t-rR-8oNY7Re8Onft69gtzN47o66j72nM9jzFVnfDHIO1fmsMBewoz7n44_ZpX-Z31WXmKI |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2011+IEEE+Ninth+International+Conference+on+Dependable%2C+Autonomic+and+Secure+Computing&rft.atitle=A+Fuzzy+Logic-Based+Buffer+Overflow+Vulnerability+Auditor&rft.au=Shahriar%2C+H.&rft.au=Zulkernine%2C+M.&rft.date=2011-12-01&rft.pub=IEEE&rft.isbn=9781467300063&rft.spage=137&rft.epage=144&rft_id=info:doi/10.1109%2FDASC.2011.45&rft.externalDocID=6118364 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=9781467300063/lc.gif&client=summon&freeimage=true |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=9781467300063/mc.gif&client=summon&freeimage=true |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=9781467300063/sc.gif&client=summon&freeimage=true |