Automatic Removal of Buffer Overflow Vulnerabilities in C/C++ Programs

Sun Ding; Hee Beng Kuan Tan; Hongyu Zhang

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Automatic Removal of Buffer Overflow Vulnerabilities in C/C++ Programs

Topics: Security and Privacy; Software Engineering; Tools, Techniques and Methodologies for System Development

In Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 1: ICEIS, 49-59, 2014 , Lisbon, Portugal

Authors: Sun Ding ¹ ; Hee Beng Kuan Tan ¹ and Hongyu Zhang ²

Affiliations: ¹ Nanyang Technological University, Singapore ; ² Tsinghua University, China

Keyword(s): Buffer Overflow, Static Analysis, Automatic Bug Fixing, Security Vulnerability.

Related Ontology Subjects/Areas/Topics: Communication and Software Technologies and Architectures ; Computer-Supported Education ; e-Business ; Energy and Economy ; Enterprise Information Systems ; Information Systems Analysis and Specification ; Information Technologies Supporting Learning ; Mobile and Pervasive Computing ; Security and Privacy ; Software Engineering ; Sustainable Computing and Communications ; Telecommunications ; Tools, Techniques and Methodologies for System Development

Abstract: Buffer overflow vulnerability is one of the commonly found significant security vulnerabilities. This vulnerability may occur if a program does not sufficiently prevent input from exceeding intended size or accessing unintended memory locations. Researchers have put effort in different directions to address this vulnerability, including creating a run-time defence mechanism, proposing effective detection methods or automatically modifying the original program to remove the vulnerabilities. These techniques share many commonalities and also have differences. In this paper, we characterize buffer overflow vulnerability in the form of four patterns and propose ABOR--a framework that integrates, extends and generalizes existing techniques to remove buffer overflow vulnerability more effectively and accurately. ABOR only patches identified code segments; thus it is an optimized solution that can eliminate buffer overflows while keeping a minimum runtime overhead. We have implemented the p roposed approach and evaluated it through experiments on a set of benchmarks and three industrial C/C++ applications. The experiment result proves ABOR’s effectiveness in practice. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 3.145.47.193

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Ding, S.; Tan, H. and Zhang, H. (2014). Automatic Removal of Buffer Overflow Vulnerabilities in C/C++ Programs. In Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 1: ICEIS; ISBN 978-989-758-028-4; ISSN 2184-4992, SciTePress, pages 49-59. DOI: 10.5220/0004888000490059

@conference{iceis14,
author={Sun Ding. and Hee Beng Kuan Tan. and Hongyu Zhang.},
title={Automatic Removal of Buffer Overflow Vulnerabilities in C/C++ Programs},
booktitle={Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 1: ICEIS},
year={2014},
pages={49-59},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004888000490059},
isbn={978-989-758-028-4},
issn={2184-4992},
}

TY - CONF

JO - Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 1: ICEIS
TI - Automatic Removal of Buffer Overflow Vulnerabilities in C/C++ Programs
SN - 978-989-758-028-4
IS - 2184-4992
AU - Ding, S.
AU - Tan, H.
AU - Zhang, H.
PY - 2014
SP - 49
EP - 59
DO - 10.5220/0004888000490059
PB - SciTePress