Testing C Programs for Buffer Overflow Vulnerabilities


Citation

  • E. Haugh and M. Bishop, “Testing C Programs for Buffer Overflow Vulnerabilities,” Proceedings of the 2003 Network and Distributed System Security Symposium pp. 123–130 (Feb. 2003).

Abstract

Security vulnerabilities often result from buffer overflows. A testing technique that instruments programs with code that keeps track of memory buffers, and checks arguments to functions to determine if they satisfy certain conditions, warns when a buffer overflow may occur. It does so when executed with “normal” test data as opposed to test data designed to trigger buffer overflows. A tool using this method was developed and evaluated by testing three widely used, open source software packages. This evaluation shows that the tool is useful for finding buffer overflow flaws, that it has a low false positive rate, and compares well with other techniques.
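The idea in the abstract, sketched as an added example (this is not the paper's tool or code): buffers are registered with their allocated sizes, and a wrapped `strcpy` warns when the source buffer could hold more than the destination can take, even though the data in this run fits. The size-comparison condition and every name here (`track`, `room_from`, `checked_strcpy`, `run_case`) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_TRACKED 32
struct region { uintptr_t base; size_t size; };
static struct region table[MAX_TRACKED];
static int ntracked, warnings;
static char line[256], name[16];   /* constructed demo buffers */

/* Instrumentation hook: record a buffer's base address and allocated size. */
static void track(const void *p, size_t size) {
    if (ntracked < MAX_TRACKED)
        table[ntracked++] = (struct region){ (uintptr_t)p, size };
}

/* Bytes from p to the end of the tracked buffer containing it; 0 if untracked. */
static size_t room_from(const void *p) {
    uintptr_t a = (uintptr_t)p;
    for (int i = 0; i < ntracked; i++)
        if (a >= table[i].base && a - table[i].base < table[i].size)
            return table[i].size - (size_t)(a - table[i].base);
    return 0;
}

/* Wrapped strcpy: warns when the source buffer could hold more than the
   destination has room for, whatever the string length in this run. */
static char *checked_strcpy(char *dst, const char *src, const char *site) {
    size_t d = room_from(dst), s = room_from(src);
    if (d && s > d) {
        warnings++;
        fprintf(stderr, "%s: possible overflow (src up to %zu, dst %zu)\n", site, s, d);
    }
    return strcpy(dst, src);   /* the original call still runs */
}

/* One copy with constructed, benign input; returns the warnings raised. */
int run_case(int big_to_small) {
    ntracked = 0; warnings = 0;
    track(line, sizeof line);
    track(name, sizeof name);
    if (big_to_small) { strcpy(line, "alice"); checked_strcpy(name, line, "line->name"); }
    else              { strcpy(name, "bob");   checked_strcpy(line, name, "name->line"); }
    return warnings;
}

int main(void) {
    printf("%d warning(s), then %d\n", run_case(1), run_case(0));
}
```

The five-byte input never overruns `name`, yet the copy from the 256-byte buffer is flagged; the copy in the other direction is not.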

Copyright Notice

©2003 Internet Society. This is the author’s version of the work. It is posted here for your personal use. Not for redistribution. The definitive version was published in Proceedings of the 2003 Network and Distributed System Security Symposium, Feb. 2003.


Last updated on Monday, July 20, 2009 at 10:33:15AM PDT