Method of integer overflow detection to avoid buffer overflow

A simplified integer overflow detection method based on path relaxation is described for avoiding buffer overflow triggered by integer overflow. When the integer overflow refers to the size of the buffer allocated dynamically, this kind of integer overflow is most likely to trigger buffer overflow. Based on this discovery, through lightly static program analysis, the solution traces the key variables referring to the size of a buffer allocated dynamically and it maintains the upper bound and lower bound of these variables. After the constraint information of these traced variables is inserted into the original program, this method tests the program with test cases through path relaxation, which means that it not only reports the errors revealed by the current runtime value of traced variables contained in the test case, but it also examines the errors possibly occurring under the same execution path with all the possible values of the traced variables. The effectiveness of this method is demonstrated in a case study. Compared with the traditional buffer overflow detection methods, this method reduces the burden of detection and improves efficiency.

Buffer Overflow Detection on Binary Code

Most solutions for detecting buffer overflow are based on source code. But the requirement tor source code is not always practical especially for business software. A new approach was presented to detect statically the potential buffer overflow vulnerabilities in the binary code of software. The binary code was translated into assembly code without the lose of the information of string operation functions. The feature code abstract graph was constructed to generate more accurate constraint statements, and analyze the assembly code using the method of integer range constraint. After getting the elementary report on suspicious code where buffer overflows possibly happen, the control flow sensitive analysis using program dependence graph was done to decrease the rate of false positive. A prototype was implemented which demonstrates the feasibility and efficiency of the new approach.

RICB： Integer Overflow Vulnerability Dynamic Analysis via Buffer Overflow

Integer overflow vulnerability will cause buffer overflow. The research on the relationship between them will help us to detect integer overflow vulnerability. We present a dynamic analysis methods RICB （Run-time Integer Checking via Buffer overflow）. Our approach includes decompile execute file to assembly language; debug the execute file step into and step out; locate the overflow points and checking buffer overflow caused by integer overflow. We have implemented our approach in three buffer overflow types： format string overflow, stack overflow and heap overflow. Experiments results show that our approach is effective and efficient. We have detected more than 5 known integer overflow vulnerabilities via buffer overflow.

Method of Preventing Buffer Overflow Attacks by Intercepting DLL Functions

The way of intercepting Windows DLL functions against buffer overflow attacks is evaluated. It＇s produced at the expense of hooking vulnerable DLL functions by addition of check code. If the return address in the stack belongs to a heap or stack page, the call is from illicit code and the program is terminated. The signature of malicious code is recorded, so it is possible for the next attack to be filtered out. The return-into-libc attacks are detected by comparing the entry address of DLL functions with the overwritten return address in the stack. The presented method interrupts the execution of malicious code and prevents the system from being hijacked when these intercepted DLL functions are invoked in the context of buffer overflow.

Detection of Buffer Overflow Attacks with Memoization-based Rule Set

Different abnormalities are commonly encountered in computer network systems.These types of abnormalities can lead to critical data losses or unauthorized access in the systems.Buffer overflow anomaly is a prominent issue among these abnormalities,posing a serious threat to network security.The primary objective of this study is to identify the potential risks of buffer overflow that can be caused by functions frequently used in the PHP programming language and to provide solutions to minimize these risks.Static code analyzers are used to detect security vulnerabilities,among which SonarQube stands out with its extensive library,flexible customization options,and reliability in the industry.In this context,a customized rule set aimed at automatically detecting buffer overflows has been developed on the SonarQube platform.The memoization optimization technique used while creating the customized rule set enhances the speed and efficiency of the code analysis process.As a result,the code analysis process is not repeatedly run for code snippets that have been analyzed before,significantly reducing processing time and resource utilization.In this study,a memoization-based rule set was utilized to detect critical security vulnerabilities that could lead to buffer overflow in source codes written in the PHP programming language.Thus,the analysis process is not repeatedly run for code snippets that have been analyzed before,leading to a significant reduction in processing time and resource utilization.In a case study conducted to assess the effectiveness of this method,a significant decrease in the source code analysis time was observed.

Protecting Against Address Space Layout Randomisation (ASLR) Compromises and Return-to-Libc Attacks Using Network Intrusion Detection Systems

Writable XOR executable （W⊕X） and address space layout randomisation （ASLR） have elevated the understanding necessary to perpetrate buffer overflow exploits [1] . However, they have not proved to be a panacea [1 3] , and so other mechanisms, such as stack guards and prelinking, have been introduced. In this paper, we show that host-based protection still does not offer a complete solution. To demonstrate the protection inadequacies, we perform an over the network brute force return-to-libc attack against a preforking concurrent server to gain remote access to a shell. The attack defeats host protection including W⊕X and ASLR. We then demonstrate that deploying a network intrusion detection systems （NIDS） with appropriate signatures can detect this attack efficiently.

Method of militarysoftware securityand vulnerability testing based on process mutation

To solve the problems caused by military software security issues,this paper firstly introduces a new software fault injection technique,namely main static fault injection method:program mutation.And then source code for testing this algorithm is put forward.On this basis buffer overflow testing based on program mutation is conducted.Finally several military software source codes for buffer overflow testing are tested using deficiency tracking system(DTS)tool,Experimental results show the effectiveness of the proposed algorithm.

A buffer overflow detection and defense method based on RiSC-V instruction set extension

Buffer overflow poses a serious threat to the memory security of modern operating systems.It overwrites the con-tents of other memory areas by breaking through the buffer capacity limit,destroys the system execution environ-ment,and provides implementation space for various system attacks such as program control flow hijacking.That makes it a wide range of harms.A variety of security technologies have been proposed to deal with system security problems including buffer overflow.For example,No eXecute(NX for short)is a memory management technology commonly used in Harvard architecture.It can refuse the execution of code which residing in a specific memory,and can effectively suppress the abnormal impact of buffer overflow on control flow.Therefore,in recent years,it has also been used in the field of system security,deriving a series of solutions based on NX technology,such as ExecShield,DEP,StackGuard,etc.However,these security solutions often rely too much on the processor archi-tecture so that the protection coverage is insufficient and the accuracy is limited.Especially in the emerging system architecture field represented by RiSC-V,there is still a lack of effective solutions for buffer overflow vulnerabilities.With the continuous rapid development of the system architecture,it is urgent to develop defense methods that are applicable to different system application environments and oriented to all executable memory spaces to meet the needs of system security development.Therefore,we propose BOP,A new system memory security design method based on RISC-V extended instructions,to build a RISC-V buffer overflow detection and defense system and deal with the buffer overflow threat in RIsC-V.According to this method,NX technology can be combined with program control flow analysis,and Nx bit mechanism can be used to manage the executability of memory space,so as to achieve a more granular detection and defense of buffer overflow attacks that may occur in RISC-V system environment.In addition,The memory management and control function of BOP is not only very suitable for solving the security problems in the existing single architecture system,but also widely applicable to the combina-tion of multiple heterogeneous systems.

Automatic Buffer Overflow Warning Validation

Static buffer overflow detection techniques tend to report too many false positives fundamentally due to the lack of software execution information. It is very time consuming to manually inspect all the static warnings. In this paper, we propose BovInspector, a framework for automatically validating static buffer overflow warnings and providing suggestions for automatic repair of true buffer overflow warnings for C programs. Given the program source code and the static buffer overflow warnings, BovInspector first performs warning reachability analysis. Then, BovInspector executes the source code symbolically under the guidance of reachable warnings. Each reachable warning is validated and classified by checking whether all the path conditions and the buffer overflow constraints can be satisfied simultaneously. For each validated true warning, BovInspector provides suggestions to automatically repair it with 11 repair strategies. BovInspector is complementary to prior static buffer overflow discovery schemes. Experimental results on real open source programs show that BovInspector can automatically validate on average 60% of total warnings reported by static tools.

An Buffer Overflow Automatic Detection Method Based on Operation Semantic

Buffer overflow is the most dangerous attack method that can be exploited. According to the statistics of Computer Emergency Readiness Team （ CERT ）, buffer overflow accounts for 50% of the current software vulnerabilities, and this ratio is going up. Considering a subset of C language, Mini C, this paper presents an abstract machine model that can realire buffer overflow detection, which is based on operation semantic. Thus the research on buffer overflow detection can be built on strict descriptions of operation semantic. Not only the correctness can be assured, but also the system can be realized and extended easily.