基于二进制代码识别缓冲区溢出漏洞

2011 IEEE International Conference on Computer Science and Automation Engineering Pub Date : 2011-06-10 DOI:10.1109/CSAE.2011.5952950

Shunli Ding, Jingbo Yuan

{"title":"基于二进制代码识别缓冲区溢出漏洞","authors":"Shunli Ding, Jingbo Yuan","doi":"10.1109/CSAE.2011.5952950","DOIUrl":null,"url":null,"abstract":"Buffer overflow attack is the most common and arguably the most dangerous attack method. The buffer overflow detecting will play a significant role in network security filed. Various solutions have been developed to address the buffer overflow vulnerability problem. The paper presents a method that combines static analysis with dynamic test. By using the method we can identify a lot of potential weakness locations. A buffer overflow vulnerabilities testing system was developed. Using the system some PE-format files and dynamic link library files are detected respectively. The experiment results show that the method is feasibility and availability.","PeriodicalId":138215,"journal":{"name":"2011 IEEE International Conference on Computer Science and Automation Engineering","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Identifying buffer overflow vulnerabilities based on binary code\",\"authors\":\"Shunli Ding, Jingbo Yuan\",\"doi\":\"10.1109/CSAE.2011.5952950\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Buffer overflow attack is the most common and arguably the most dangerous attack method. The buffer overflow detecting will play a significant role in network security filed. Various solutions have been developed to address the buffer overflow vulnerability problem. The paper presents a method that combines static analysis with dynamic test. By using the method we can identify a lot of potential weakness locations. A buffer overflow vulnerabilities testing system was developed. Using the system some PE-format files and dynamic link library files are detected respectively. The experiment results show that the method is feasibility and availability.\",\"PeriodicalId\":138215,\"journal\":{\"name\":\"2011 IEEE International Conference on Computer Science and Automation Engineering\",\"volume\":\"4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-06-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 IEEE International Conference on Computer Science and Automation Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSAE.2011.5952950\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 IEEE International Conference on Computer Science and Automation Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSAE.2011.5952950","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

缓冲区溢出攻击是最常见也是最危险的攻击方法。缓冲区溢出检测将在网络安全领域发挥重要作用。已经开发了各种解决方案来解决缓冲区溢出漏洞问题。本文提出了一种静态分析与动态测试相结合的方法。利用该方法可以识别出许多潜在的弱点位置。开发了一个缓冲区溢出漏洞测试系统。利用该系统分别检测了pe格式文件和动态链接库文件。实验结果表明了该方法的可行性和有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Identifying buffer overflow vulnerabilities based on binary code

Buffer overflow attack is the most common and arguably the most dangerous attack method. The buffer overflow detecting will play a significant role in network security filed. Various solutions have been developed to address the buffer overflow vulnerability problem. The paper presents a method that combines static analysis with dynamic test. By using the method we can identify a lot of potential weakness locations. A buffer overflow vulnerabilities testing system was developed. Using the system some PE-format files and dynamic link library files are detected respectively. The experiment results show that the method is feasibility and availability.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2011 IEEE International Conference on Computer Science and Automation Engineering

自引率

0.00%

发文量