Title :
An Evolutionary Computing Approach for Hunting Buffer Overflow Vulnerabilities: A Case of Aiming in Dim Light
Author :
Rawat, Sanjay ; Mounier, Laurent
Author_Institution :
Verimag Lab., Univ. Joseph Fourier, Gières, France
Abstract :
We propose an approach in the form of a lightweight smart fuzzer to generate string-based inputs to detect buffer overflow vulnerabilities in C code. The approach is based on an evolutionary algorithm which is a combination of a genetic algorithm and evolutionary strategies. In this preliminary work we focus on the problem that there are constraints on string inputs that must be satisfied in order to reach the vulnerable statement in the code, and we have very little or no knowledge about them. Unlike other similar approaches, our approach is able to generate such inputs without knowing these constraints explicitly. It learns these constraints automatically while generating inputs dynamically by executing the vulnerable program. We provide a few empirical results on a benchmarking dataset, the Verisec suite of programs.
Keywords :
benchmark testing; genetic algorithms; program testing; software reliability; C code; Verisec suite; buffer overflow vulnerabilities; dim light; evolutionary computing approach; evolutionary strategies; genetic algorithm; light weight smart fuzzer; Evolutionary computation; Gallium; Instruments; Performance analysis; Runtime; Security; Software; buffer overflow; data- and control-flow; evolutionary algorithm; fuzzing; vulnerability;
Conference_Title :
Computer Network Defense (EC2ND), 2010 European Conference on
Conference_Location :
Berlin
Print_ISBN :
978-1-4244-9377-7
DOI :
10.1109/EC2ND.2010.14