What Do We Know About Buffer Overflow Detection?-Reference-Cited by-同舟云学术

What Do We Know About Buffer Overflow Detection?

Published:2018-07 Issue:3 Volume:9 Page:1-33
ISSN:2640-4265
Container-title:International Journal of Systems and Software Security and Protection
language:en
Short-container-title:

Author:

Chaim Marcos Lordello¹^ORCID,Santos Daniel Soares²,Cruzes Daniela Soares³

Affiliation:

1. School of Arts, Sciences and Humanities, University of Sao Paulo, Sao Paulo, Brazil

2. Institute of Mathematical Sciences and Computing, University of Sao Paulo, São Carlos, Brazil

3. Department of Software Engineering, Safety & Security, SINTEF Digital, Trondheim, Norway

Abstract

Buffer overflow (BO) is a well-known and widely exploited security vulnerability. Despite the extensive body of research, BO is still a threat menacing security-critical applications. The authors present a comprehensive systematic review on techniques intended to detecting BO vulnerabilities before releasing a software to production. They found that most of the studies addresses several vulnerabilities or memory errors, being not specific to BO detection. The authors organized them in seven categories: program analysis, testing, computational intelligence, symbolic execution, models, and code inspection. Program analysis, testing and code inspection techniques are available for use by the practitioner. However, program analysis adoption is hindered by the high number of false alarms; testing is broadly used but in ad hoc manner; and code inspection can be used in practice provided it is added as a task of the software development process. New techniques combining object code analysis with techniques from different categories seem a promising research avenue towards practical BO detection.

Publisher

IGI Global

Subject

General Engineering

Reference98 articles.

1. Vulnerability detector using parse tree annotation

2. A static comprehensive analytical method for buffer overflow vulnerability detection.;S.Bilin;International Conference on Computer Science and Electronic Technology (CSET) (,2016

3. A tool for pro-active defense against the buffer overrun attack

Cited by 4 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Survey of Techniques to Detect Cwes in Program Binaries;2023

2. Do I really need all this work to find vulnerabilities?;Empirical Software Engineering;2022-08-06

3. Traceability in supply chains: A Cyber security analysis;Computers & Security;2022-01

4. Taxonomy of Cyber Threats to Application Security and Applicable Defenses;Modern Theories and Practices for Cyber Ethics and Security Compliance;2020