Automatic Removal of Buffer Overflow Vulnerabilities in C/C++ Programs

Sun Ding; Hee Beng Kuan Tan; Hongyu Zhang

doi:10.5220/0004888000490059

Automatic Removal of Buffer Overflow Vulnerabilities in C/C++ Programs

Sun Ding, Hee Beng Kuan Tan, Hongyu Zhang

2014

Abstract

Buffer overflow vulnerability is one of the commonly found significant security vulnerabilities. This vulnerability may occur if a program does not sufficiently prevent input from exceeding intended size or accessing unintended memory locations. Researchers have put effort in different directions to address this vulnerability, including creating a run-time defence mechanism, proposing effective detection methods or automatically modifying the original program to remove the vulnerabilities. These techniques share many commonalities and also have differences. In this paper, we characterize buffer overflow vulnerability in the form of four patterns and propose ABOR--a framework that integrates, extends and generalizes existing techniques to remove buffer overflow vulnerability more effectively and accurately. ABOR only patches identified code segments; thus it is an optimized solution that can eliminate buffer overflows while keeping a minimum runtime overhead. We have implemented the proposed approach and evaluated it through experiments on a set of benchmarks and three industrial C/C++ applications. The experiment result proves ABOR’s effectiveness in practice.

Download

Paper Citation

in Harvard Style

Ding S., Tan H. and Zhang H. (2014). Automatic Removal of Buffer Overflow Vulnerabilities in C/C++ Programs . In Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-758-028-4, pages 49-59. DOI: 10.5220/0004888000490059

in Bibtex Style

@conference{iceis14,
author={Sun Ding and Hee Beng Kuan Tan and Hongyu Zhang},
title={Automatic Removal of Buffer Overflow Vulnerabilities in C/C++ Programs},
booktitle={Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 2: ICEIS,},
year={2014},
pages={49-59},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004888000490059},
isbn={978-989-758-028-4},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 2: ICEIS,
TI - Automatic Removal of Buffer Overflow Vulnerabilities in C/C++ Programs
SN - 978-989-758-028-4
AU - Ding S.
AU - Tan H.
AU - Zhang H.
PY - 2014
SP - 49
EP - 59
DO - 10.5220/0004888000490059