Title :
Light-Weight Rule-Based Test Case Generation for Detecting Buffer Overflow Vulnerabilities
Author :
Padmanabhuni, Bindu Madhavi ; Hee Beng Kuan Tan
Author_Institution :
Sch. of Electr. & Electron. Eng., Nanyang Technol. Univ., Singapore, Singapore
Abstract :
Buffer overflow exploits form a substantial portion of input manipulation attacks as they are commonly found and are easy to exploit. Despite existence of many detection solutions, buffer overflow bugs are widely being reported in multitude of applications suggesting either inherent limitations in current solutions or problems with their adoption by the end-users. To address this, we propose a novel light-weight rule-based test case generation approach for detecting buffer overflows. The proposed approach uses information collected from static program analysis and pre-defined rules to generate test cases. Since the proposed approach uses only static analysis information and does not involve any constraint solving it is termed as light-weight. Our experimental evaluation on benchmark programs shows that the test inputs generated by the proposed approach are effective in detecting known bugs along with reporting some new bugs.
Keywords :
program debugging; program diagnostics; program testing; benchmark programs; buffer overflow bugs; buffer overflow vulnerability detection; input manipulation attacks; light-weight rule-based test case generation approach; static analysis information; static program analysis; Benchmark testing; Buffer overflows; Computer bugs; Genetic algorithms; Indexes; Input variables; buffer overflows; data and control dependency; detection; static analysis; test inputs; vulnerability;
Conference_Titel :
Automation of Software Test (AST), 2015 IEEE/ACM 10th International Workshop on
Conference_Location :
Florence
DOI :
10.1109/AST.2015.17
