Buffer overflow detection method based on source code analysis

YIN Ming, ZHANG Gong-Xuan

Journal of Jiangsu University(Natural Science Edition) ›› 2016, Vol. 37 ›› Issue (4) : 450-455.

DOI: 10.3969/j.issn.1671-7775.2016.04.013


Abstract

Based on the causes of buffer overflows, a novel detection method built on source code analysis was proposed. The source files were preprocessed and statically analyzed to construct, in sequence, the corresponding abstract syntax tree, control flow graph, function call graph and variable table. A finite automaton based on the developed detection model was created to detect overflows. C/C++ programs containing common buffer overflows were used to demonstrate the proposed method. The extensive experimental results show that, compared to existing methods, the proposed detection model can detect all buffer overflow vulnerabilities efficiently. Dangerous function calls and overflow filtering mechanisms in the code can be recognized, which reduces the false positive rate. The proposed method can also be easily extended to detect buffer overflows in source code written in other languages.
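To illustrate the pipeline the abstract describes, the following added example (not code from the paper) builds a variable table of fixed-size `char` buffers from a constructed C function and runs a per-buffer automaton that reports unbounded copies and suppresses those preceded by a rejecting length check. The state names, the list of dangerous functions, the guard pattern and the line-based scan of straight-line code are assumptions made for this illustration.

```python
import re

# Assumptions for this illustration: function list, guard shape, state names.
DANGEROUS = {"strcpy", "strcat", "sprintf", "gets"}
DECL = re.compile(r"\bchar\s+(\w+)\s*\[\s*(\d+)\s*\]")
# Rejecting guard: if (strlen(src) >= sizeof(buf)) return ...;
GUARD = re.compile(r"\bif\s*\(\s*strlen\s*\(\s*(\w+)\s*\)\s*>=\s*"
                   r"sizeof\s*\(?\s*(\w+)\s*\)?\s*\)\s*return\b")
CALL = re.compile(r"\b(\w+)\s*\(\s*(\w+)\s*(?:,\s*(\w+))?")

# Constructed sample input (straight-line C function body).
SAMPLE = """\
void greet(const char *name, const char *tag) {
    char ok[32];
    char bad[16];
    char off[16];
    if (strlen(name) >= sizeof(ok)) return;
    strcpy(ok, name);
    strcpy(bad, name);
    if (strlen(tag) > sizeof(off)) return;
    strcpy(off, tag);
    strncpy(bad, tag, sizeof(bad) - 1);
}
"""

def scan(source):
    """Return [(line, function, buffer, size)] for unguarded dangerous calls."""
    table = {}      # variable table: buffer name -> size, automaton state, guarded source
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        decl = DECL.search(line)
        if decl:
            table[decl.group(1)] = {"size": int(decl.group(2)), "state": "DECLARED", "src": None}
            continue
        guard = GUARD.search(line)
        if guard and guard.group(2) in table:
            table[guard.group(2)].update(state="GUARDED", src=guard.group(1))
            continue
        for func, dest, src in CALL.findall(line):
            if func not in DANGEROUS or dest not in table:
                continue
            entry = table[dest]
            # Filter: strcpy of the very source that the guard length-checked is accepted.
            if func == "strcpy" and entry["state"] == "GUARDED" and src == entry["src"]:
                continue
            entry["state"] = "OVERFLOW"
            findings.append((no, func, dest, entry["size"]))
    return findings

if __name__ == "__main__": print(scan(SAMPLE))
```

The guard written with `>` instead of `>=` is deliberately not accepted, because it leaves no room for the terminating NUL byte, so the copy into `off` is still reported.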

Key words

buffer overflow detection / software development / finite automata / static code analysis / worm

Cite this article

YIN Ming, ZHANG Gong-Xuan. Buffer overflow detection method based on source code analysis[J]. Journal of Jiangsu University(Natural Science Edition), 2016, 37(4): 450-455 https://doi.org/10.3969/j.issn.1671-7775.2016.04.013
