• DocumentCode
    2100007
  • Title

    Mutation-Based Testing of Integer Overflow Vulnerabilities

  • Author

    Zeng, Fanping ; Mao, Liangliang ; Chen, Zhide ; Cao, Qing

  • Author_Institution
    Dept. of Comput., Univ. of Sci. & Technol. of China, Hefei, China
  • fYear
    2009
  • fDate
    24-26 Sept. 2009
  • Firstpage
    1
  • Lastpage
    4
  • Abstract
    Integer overflow is a common kind of software vulnerability, and there has been no effective way to detect integer overflow vulnerabilities. Because it lacks dynamic execution, static analysis cannot determine the run-time distribution of memory and may miss possible security issues; source code auditing is an expensive and time-consuming process. Although mutation analysis has been applied to testing ANSI C programs, and many mutation operators have been designed for specific problems, no operators have been designed specifically for integer overflow. In this paper, we propose some new mutation operators to force the generation of an adequate test data set for integer overflow vulnerabilities. The results indicate that the proposed operators are effective for detecting integer overflow vulnerabilities.
  • Keywords
    program diagnostics; program testing; security of data; ANSI C program testing; integer overflow vulnerabilities; mutation analysis; software vulnerabilities; static analysis; Buffer overflow; Computer languages; Genetic mutations; Runtime; Security; Software testing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Wireless Communications, Networking and Mobile Computing, 2009. WiCom '09. 5th International Conference on
  • Conference_Location
    Beijing
  • Print_ISBN
    978-1-4244-3692-7
  • Electronic_ISBN
    978-1-4244-3693-4
  • Type

    conf

  • DOI
    10.1109/WICOM.2009.5302048
  • Filename
    5302048