Abstract: Based on the causes of buffer overflows, a novel detection method using source code analysis is proposed. The source files are preprocessed and statically analyzed to construct, in sequence, the relevant abstract syntax tree, control flow graph, function call graph and variable table. A finite automaton based on the developed detection model is then created to detect overflows. A C/C++ program containing common buffer overflows is used to demonstrate the proposed method. Extensive experimental results show that, compared to existing methods, the proposed detection model can detect all buffer overflow vulnerabilities efficiently. Both the dangerous function calls and the overflow filtering mechanisms in the code can be recognized, which reduces the false positive rate. The proposed method can also be easily extended to detect buffer overflows in source code written in other languages.
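The following added example is not the paper's detection model. It is a simplified sketch of the idea the abstract describes: a variable table of declared buffers, a list of dangerous calls, and a per-buffer state machine in which a recognized length check (the "filtering mechanism") suppresses a finding. The function list, the guard pattern, the state names and the sample C code are all assumptions, and the scan follows straight-line code only, with no control flow or call graph.

```python
import re

DANGEROUS = {"strcpy", "strcat", "gets", "sprintf"}  # assumed list, not from the paper
DECL = re.compile(r"\bchar\s+(\w+)\s*\[\s*(\d+)\s*\]")
GUARD = re.compile(r"\bif\s*\(\s*strlen\s*\(\s*(\w+)\s*\)\s*<\s*sizeof\s*\(\s*(\w+)\s*\)")
CALL = re.compile(r"\b(\w+)\s*\(\s*(\w+)\s*(?:,\s*(\w+))?")

# Constructed sample input.
SAMPLE = """\
void f(const char *in) {
    char a[16];
    char b[16];
    strcpy(a, in);
    if (strlen(in) < sizeof(b))
        strcpy(b, in);
    gets(a);
}
"""

def scan(source):
    """Return (line, function, buffer) for each unguarded dangerous call."""
    table = {}    # variable table: buffer name -> declared size
    guarded = {}  # buffer -> source variable whose length was just checked
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        decl = DECL.search(line)
        if decl:
            table[decl.group(1)] = int(decl.group(2))  # state: DECLARED
            continue
        guard = GUARD.search(line)
        if guard and guard.group(2) in table:
            guarded[guard.group(2)] = guard.group(1)   # DECLARED -> GUARDED
        for call in CALL.finditer(line):
            func, dest, src = call.groups()
            if func not in DANGEROUS or dest not in table:
                continue
            checked = guarded.pop(dest, None)           # a guard covers one call
            if src is None or checked != src:
                findings.append((no, func, dest))       # -> FLAGGED
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The guarded `strcpy(b, in)` is not reported, which is the false-positive reduction the abstract attributes to recognizing filtering code; the unguarded `strcpy(a, in)` and `gets(a)` are.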