Title :
Bodhi: Detecting Buffer Overflows with a Game
Author :
Chen, Jie ; Mao, Xiaoguang
Author_Institution :
Nat. Lab. for Parallel & Distrib. Process., Changsha, China
Abstract :
Buffer overflow is one of the most dangerous and common vulnerabilities in CPS software. Despite static and dynamic analysis, manual analysis is still heavily used; it is useful but costly. Human computation harnesses humans' time and energy, in the form of playing games, to solve computational problems. In this paper we propose a human computation method to detect buffer overflows that does not ask a person whether there is a potential vulnerability, but rather what a random person would think about it. We implement this method as a game called Bodhi, in which each player is shown a code snippet and asked to choose whether their partner would think there is a buffer overflow vulnerability at a given position in the code. The purpose of the game is to make use of the rich distributed human resource to increase the effectiveness of manual detection of buffer overflows. The game has been proven to be efficient and enjoyable in practice.
Keywords :
buffer storage; game theory; program debugging; program diagnostics; Bodhi; CPS software; buffer overflow vulnerability; buffer overflows detection; computational problems; dynamic analysis; game; human computation method; human resource; manual analysis; piece of code snippet; static analysis; Buffer overflow; Games; Humans; Manuals; Programming; Servers; Software; CPS; software vulnerability; buffer overflow; human computation; game
Conference_Titel :
Software Security and Reliability Companion (SERE-C), 2012 IEEE Sixth International Conference on
Conference_Location :
Gaithersburg, MD
Print_ISBN :
978-1-4673-2670-4
DOI :
10.1109/SERE-C.2012.35