DocumentCode :
2451770
Title :
Mutation-Based Testing of Buffer Overflow Vulnerabilities
Author :
Shahriar, Hossain ; Zulkernine, Mohammad
Author_Institution :
Sch. of Comput., Queen's Univ., Kingston, ON
fYear :
2008
fDate :
July 28 2008-Aug. 1 2008
Firstpage :
979
Lastpage :
984
Abstract :
Buffer overflow (BOF) is one of the major vulnerabilities that leads to non-secure software. Testing an implementation for BOF vulnerabilities is challenging as the underlying reasons of buffer overflow vary widely. Moreover, the existing vulnerability testing approaches do not address the issue of generating adequate test data sets for testing BOF vulnerabilities. In this work, we apply the idea of mutation-based testing technique to generate adequate test data set for BOF vulnerabilities. Our work addresses those BOF vulnerabilities, which are related to an implementation language and its associated libraries. We apply the concept for ANSI C language and its associated libraries. We propose 12 mutation operators to force the generation of adequate test data set for BOF vulnerabilities. The proposed operators are validated by using four open source programs. The results indicate that the proposed operators are effective for testing BOF vulnerabilities.
Keywords :
buffer storage; program testing; public domain software; ANSI C language; buffer overflow vulnerabilities; mutation-based testing; open source programs; vulnerability testing; ANSI standards; Application software; Buffer overflow; Computer applications; Genetic mutations; Monitoring; Performance evaluation; Runtime; Software libraries; Software testing; Buffer overflow; Mutation-based testing; Vulnerabilities;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Software and Applications, 2008. COMPSAC '08. 32nd Annual IEEE International
Conference_Location :
Turku
ISSN :
0730-3157
Print_ISBN :
978-0-7695-3262-2
Electronic_ISBN :
0730-3157
Type :
conf
DOI :
10.1109/COMPSAC.2008.123
Filename :
4591705