DocumentCode
3279101
Title
Light-Weight Rule-Based Test Case Generation for Detecting Buffer Overflow Vulnerabilities
Author
Padmanabhuni, Bindu Madhavi ; Hee Beng Kuan Tan
Author_Institution
Sch. of Electr. & Electron. Eng., Nanyang Technol. Univ., Singapore, Singapore
fYear
2015
fDate
23-24 May 2015
Firstpage
48
Lastpage
52
Abstract
Buffer overflow exploits form a substantial portion of input manipulation attacks as they are commonly found and are easy to exploit. Despite existence of many detection solutions, buffer overflow bugs are widely being reported in multitude of applications suggesting either inherent limitations in current solutions or problems with their adoption by the end-users. To address this, we propose a novel light-weight rule-based test case generation approach for detecting buffer overflows. The proposed approach uses information collected from static program analysis and pre-defined rules to generate test cases. Since the proposed approach uses only static analysis information and does not involve any constraint solving it is termed as light-weight. Our experimental evaluation on benchmark programs shows that the test inputs generated by the proposed approach are effective in detecting known bugs along with reporting some new bugs.
Keywords
program debugging; program diagnostics; program testing; benchmark programs; buffer overflow bugs; buffer overflow vulnerability detection; input manipulation attacks; light-weight rule-based test case generation approach; static analysis information; static program analysis; Benchmark testing; Buffer overflows; Computer bugs; Genetic algorithms; Indexes; Input variables; buffer overflows; data and control dependency; detection; static analysis; test inputs; vulnerability;
fLanguage
English
Publisher
ieee
Conference_Titel
Automation of Software Test (AST), 2015 IEEE/ACM 10th International Workshop on
Conference_Location
Florence
Type
conf
DOI
10.1109/AST.2015.17
Filename
7166266
Link To Document