通过成分分析防止缓冲区溢出

29th Annual International Computer Software and Applications Conference (COMPSAC'05) Pub Date : 2005-07-26 DOI:10.1109/COMPSAC.2005.54

D. Llewellyn-Jones, M. Merabti, Q. Shi, R. Askwith

{"title":"通过成分分析防止缓冲区溢出","authors":"D. Llewellyn-Jones, M. Merabti, Q. Shi, R. Askwith","doi":"10.1109/COMPSAC.2005.54","DOIUrl":null,"url":null,"abstract":"Buffer overrun vulnerabilities cause significant security problems, and have proven to be difficult to prevent. In this paper we present a novel approach to tackling the problem. Rather than concentrate on how to prevent the use of code containing buffer overrun vulnerabilities, we look at component composition techniques that can allow vulnerable code to be executed in a safe way within a composed application. We establish how this can be determined in an automated way using formal code analysis techniques and present results from the prototype system that we have developed for this purpose.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Buffer overrun prevention through component composition analysis\",\"authors\":\"D. Llewellyn-Jones, M. Merabti, Q. Shi, R. Askwith\",\"doi\":\"10.1109/COMPSAC.2005.54\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Buffer overrun vulnerabilities cause significant security problems, and have proven to be difficult to prevent. In this paper we present a novel approach to tackling the problem. Rather than concentrate on how to prevent the use of code containing buffer overrun vulnerabilities, we look at component composition techniques that can allow vulnerable code to be executed in a safe way within a composed application. We establish how this can be determined in an automated way using formal code analysis techniques and present results from the prototype system that we have developed for this purpose.\",\"PeriodicalId\":419267,\"journal\":{\"name\":\"29th Annual International Computer Software and Applications Conference (COMPSAC'05)\",\"volume\":\"33 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-07-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"29th Annual International Computer Software and Applications Conference (COMPSAC'05)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/COMPSAC.2005.54\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/COMPSAC.2005.54","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

缓冲区溢出漏洞会导致严重的安全问题，并且已被证明很难预防。在本文中，我们提出了一种解决这个问题的新方法。我们不关注如何防止使用包含缓冲区溢出漏洞的代码，而是关注组件组合技术，该技术允许在组合应用程序中以安全的方式执行易受攻击的代码。我们建立了如何使用正式的代码分析技术以自动化的方式确定这一点，并展示了我们为此目的开发的原型系统的结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Buffer overrun prevention through component composition analysis

Buffer overrun vulnerabilities cause significant security problems, and have proven to be difficult to prevent. In this paper we present a novel approach to tackling the problem. Rather than concentrate on how to prevent the use of code containing buffer overrun vulnerabilities, we look at component composition techniques that can allow vulnerable code to be executed in a safe way within a composed application. We establish how this can be determined in an automated way using formal code analysis techniques and present results from the prototype system that we have developed for this purpose.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

29th Annual International Computer Software and Applications Conference (COMPSAC'05)

自引率

0.00%

发文量