{"title":"A Taxonomy of Software Flaws Leading to Buffer Overflows","authors":"R. Khoury","doi":"10.1109/QRS57517.2022.00011","DOIUrl":null,"url":null,"abstract":"The buffer overflow attack has been dubbed ‘the vulnerability of the century’, because of the frequency and impact of this class of vulnerability. The wide variety of situations where this vulnerability can arise makes it particularly difficult to assess their occurrence or prevent them. In this paper, we present a novel taxonomy of programming errors which can lead to buffer overflows. This taxonomy easily translates into preconditions that ensure the code’s safe execution. We also illustrate each taxonomic class with a real-life example. Finally, from these examples, we draw a series of principles that developers can immediately incorporate in their programming habits in order to improve the security of their code.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/QRS57517.2022.00011","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
The buffer overflow attack has been dubbed ‘the vulnerability of the century’, because of the frequency and impact of this class of vulnerability. The wide variety of situations where this vulnerability can arise makes it particularly difficult to assess their occurrence or prevent them. In this paper, we present a novel taxonomy of programming errors which can lead to buffer overflows. This taxonomy easily translates into preconditions that ensure the code’s safe execution. We also illustrate each taxonomic class with a real-life example. Finally, from these examples, we draw a series of principles that developers can immediately incorporate in their programming habits in order to improve the security of their code.