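% Haugh and Bishop, NDSS 2003: dynamic testing of C programs for buffer overflows.
% Per the abstract, the technique instruments a program to track memory buffers and
% check function arguments, warning of possible overflows while running ordinary
% (non-attack) test data. The INSPEC keywords list "STOBO" and "dynamic analysis".
%
% Cleanup applied to the INSPEC export:
%   - one field per line; whole-value double braces removed so styles can apply casing
%   - title in Title Case with only the language name {C} protected
%   - year/month added from the event date recorded in the note field
%   - "8 pp." is a page count, not a range, so it is stored in pagetotal instead of pages
%   - publisher abbreviation "Internet Soc" expanded
%   - stray brace group in the abstract's closing quote removed; day range uses "--"
% Author given names are left as initials because the export carries nothing more.
@inproceedings{INSPEC:7769613,
  author               = {Haugh, E. and Bishop, M.},
  title                = {Testing {C} Programs for Buffer Overflow Vulnerabilities},
  booktitle            = {10th Annual Network and Distributed System Security Symposium},
  year                 = {2003},
  month                = feb,
  pagetotal            = {8},
  publisher            = {Internet Society},
  address              = {Reston, VA, USA},
  note                 = {Network and Distributed System Security Symposium, 6--7 Feb. 2003, San Diego, CA, USA},
  type                 = {Conference Paper},
  language             = {English},
  abstract             = {Security vulnerabilities often result from buffer overflows. A testing technique that instruments programs with code that keeps track of memory buffers, and checks arguments to functions to determine if they satisfy certain conditions, warns when a buffer overflow may occur. It does so when executed with ``normal'' test data as opposed to test data designed to trigger buffer overflows. A tool using this method was developed and evaluated by testing three widely used, open source software packages. This evaluation shows that the tool is useful for finding buffer overflow flaws, that it has a low false positive rate, and compares well with other techniques},
  affiliation          = {Haugh, E.; Bishop, M.; California Univ., Davis, CA, USA..},
  keywords             = {Practical/ object-oriented programming; security of data; storage management/ C programs; memory buffers; buffer overflow; open source software; buffer sizes; dynamic analysis; STOBO/ C6110J Object-oriented programming ; C6120 File organisation; C6130S Data security},
  publication-type     = {J},
  identifying-codes    = {[C2003-12-6110J-004]},
  number-of-references = {25},
  unique-id            = {INSPEC:7769613},
}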