A Detection Approach for Buffer Overflow Vulnerability Based on Data Control Flow Graph

Buffer overflow is currently one of the major security problems for programs written in C/C++. To address it, existing studies have proposed a variety of detection techniques for finding buffer overflow vulnerabilities. However, these approaches are still far from an ideal solution that completely eliminates buffer overflow vulnerabilities. This paper presents a detection approach for buffer overflow vulnerabilities based on the Data Control Flow Graph (DCFG). The approach first uses a dangerous-function identification method to locate the dangerous points and determine the type of dangerous function at each of them. It then constructs the constraint rules for the dangerous function at each dangerous point to build a constraint system. Finally, the constraint system is solved to obtain the vulnerability verdict. To evaluate the approach, we performed an extensive experiment and compared it empirically with existing vulnerability detection tools. The results show that the proposed method performs well at buffer overflow vulnerability detection and can effectively improve detection efficiency.
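As an added illustration (not the paper's own tool), the following toy Python checker walks the three steps above over a constructed C snippet: a dangerous-function table marks the dangerous points, a per-function constraint rule relates the length written to the destination capacity, and the constraint is solved with the data facts visible at that point. The function table, the regular expressions and the sample lines are assumptions made for this example.

```python
"""Toy DCFG-style checker: locate dangerous points, attach a constraint rule
per dangerous-function type, then solve it with the data facts in scope."""
import re
from typing import Dict, List, Tuple

# Dangerous-function table (assumed for this example): argument roles by position.
DANGEROUS = {
    "strcpy": ("dst", "src", None),      # unbounded copy
    "strncpy": ("dst", "src", "n"),      # bounded by n
    "memcpy": ("dst", "src", "n"),       # bounded by n
    "gets": ("dst", None, None),         # no bound at all
}
DECL = re.compile(r"char\s+(\w+)\[(\d+)\]")
LIT = re.compile(r'char\s*\*\s*(\w+)\s*=\s*"([^"]*)"')
CONST = re.compile(r"(?:int|size_t)\s+(\w+)\s*=\s*(\d+)")
CALL = re.compile(r"(\w+)\s*\(([^)]*)\)")

def analyze(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line, function, verdict) for every dangerous point found."""
    size: Dict[str, int] = {}    # buffer name -> declared capacity
    slen: Dict[str, int] = {}    # pointer name -> length of a known literal
    const: Dict[str, int] = {}   # integer name -> known constant value
    findings = []
    for no, text in enumerate(lines, 1):
        if m := DECL.search(text): size[m[1]] = int(m[2]); continue
        if m := LIT.search(text): slen[m[1]] = len(m[2]); continue
        if m := CONST.search(text): const[m[1]] = int(m[2]); continue
        m = CALL.search(text)
        if not m or m[1] not in DANGEROUS: continue
        fn, args = m[1], [a.strip() for a in m[2].split(",")]
        roles = dict(zip(DANGEROUS[fn], args))
        dst = size.get(roles.get("dst"))
        # Constraint rule per function type: bytes written must fit in dst.
        if roles.get("n") is not None:         # bounded: n <= size(dst)
            n = roles["n"]
            need = int(n) if n.isdigit() else const.get(n)
        elif roles.get("src") is not None:     # unbounded: strlen(src)+1 <= size(dst)
            need = slen.get(roles["src"])
            need = need + 1 if need is not None else None
        else:                                  # gets(): unbounded input
            need = float("inf")
        if dst is None or need is None:
            verdict = "undetermined"           # constraint still has free variables
        else:
            verdict = "overflow" if need > dst else "safe"
        findings.append((no, fn, verdict))
    return findings

SAMPLE = [                                   # constructed C snippet, not from the paper
    "char buf[16];", 'char *name = "0123456789ABCDEF";', "int n = 8;",
    "strcpy(buf, name);", "strncpy(buf, name, n);", "memcpy(buf, name, 32);",
    "gets(buf);", "strcpy(buf, argv1);",
]

if __name__ == "__main__":
    for line, fn, verdict in analyze(SAMPLE):
        print(f"line {line}: {fn} -> {verdict}")
```

The last call is reported as undetermined rather than safe because the length of `argv1` is not fixed by any data fact the dangerous point can see, which is the case a real constraint solver must hand to further analysis.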
