  • DocumentCode
    3279101
  • Title
    Light-Weight Rule-Based Test Case Generation for Detecting Buffer Overflow Vulnerabilities
  • Author
    Padmanabhuni, Bindu Madhavi ; Hee Beng Kuan Tan
  • Author_Institution
    Sch. of Electr. & Electron. Eng., Nanyang Technol. Univ., Singapore, Singapore
  • fYear
    2015
  • fDate
    23-24 May 2015
  • Firstpage
    48
  • Lastpage
    52
  • Abstract
    Buffer overflow exploits form a substantial portion of input manipulation attacks as they are commonly found and are easy to exploit. Despite the existence of many detection solutions, buffer overflow bugs are being widely reported in a multitude of applications, suggesting either inherent limitations in current solutions or problems with their adoption by end-users. To address this, we propose a novel light-weight rule-based test case generation approach for detecting buffer overflows. The proposed approach uses information collected from static program analysis and pre-defined rules to generate test cases. Since the proposed approach uses only static analysis information and does not involve any constraint solving, it is termed light-weight. Our experimental evaluation on benchmark programs shows that the test inputs generated by the proposed approach are effective in detecting known bugs along with reporting some new bugs.
  • Keywords
    program debugging; program diagnostics; program testing; benchmark programs; buffer overflow bugs; buffer overflow vulnerability detection; input manipulation attacks; light-weight rule-based test case generation approach; static analysis information; static program analysis; Benchmark testing; Buffer overflows; Computer bugs; Genetic algorithms; Indexes; Input variables; buffer overflows; data and control dependency; detection; static analysis; test inputs; vulnerability
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Automation of Software Test (AST), 2015 IEEE/ACM 10th International Workshop on
  • Conference_Location
    Florence
  • Type
    conf
  • DOI
    10.1109/AST.2015.17
  • Filename
    7166266