Automatic prevention of buffer overflow vulnerability using candidate code generation

Young Su Jang; Jin Young Choi

doi:10.1587/transinf.2018EDP7192

Automatic prevention of buffer overflow vulnerability using candidate code generation

Young Su Jang, Jin Young Choi

School of Cybersecurity

Research output: Contribution to journal › Article › peer-review

6 Citations (Scopus)

Abstract

The security of a software program critically depends on the prevention of vulnerabilities in the source code; however, conventional computer programs lack the ability to identify vulnerable code in another program. Our research was aimed at developing a technique capable of generating substitution code for the detection of buffer overflow vulnerability in C/C++ programs. The technique automatically verifies and sanitizes code instrumentation by comparing the result of each candidate variable with that expected from the input data. Our results showed that statements containing buffer overflow vulnerabilities could be detected and prevented by using a substitution variable and by sanitizing code vulnerabilities based on the size of the variables. Thus, faults can be detected prior to execution of the statement, preventing malicious access. Our approach is particularly useful for enhancing software security monitoring, and for designing retrofitting techniques in applications.

Original language	English
Pages (from-to)	3005-3018
Number of pages	14
Journal	IEICE Transactions on Information and Systems
Volume	E101D
Issue number	12
DOIs	https://doi.org/10.1587/transinf.2018EDP7192
Publication status	Published - 2018 Dec

Keywords

Buffer overflow vulnerability
Information security
Software security monitoring

ASJC Scopus subject areas

Software
Hardware and Architecture
Computer Vision and Pattern Recognition
Electrical and Electronic Engineering
Artificial Intelligence

Access to Document

10.1587/transinf.2018EDP7192

Cite this

@article{106d4f518ba440edb0976a5ccfdefaaf,

title = "Automatic prevention of buffer overflow vulnerability using candidate code generation",

abstract = "The security of a software program critically depends on the prevention of vulnerabilities in the source code; however, conventional computer programs lack the ability to identify vulnerable code in another program. Our research was aimed at developing a technique capable of generating substitution code for the detection of buffer overflow vulnerability in C/C++ programs. The technique automatically verifies and sanitizes code instrumentation by comparing the result of each candidate variable with that expected from the input data. Our results showed that statements containing buffer overflow vulnerabilities could be detected and prevented by using a substitution variable and by sanitizing code vulnerabilities based on the size of the variables. Thus, faults can be detected prior to execution of the statement, preventing malicious access. Our approach is particularly useful for enhancing software security monitoring, and for designing retrofitting techniques in applications.",

keywords = "Buffer overflow vulnerability, Information security, Software security monitoring",

author = "Jang, {Young Su} and Choi, {Jin Young}",

note = "Funding Information: This research was supported by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (2015-0-00445) supervised by the IITP (Institute for Information & communications Technology Promotion) and Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No. 2018-0-00532, Development of High-Assurance (≥ EAL6) Secure Microkernel). Publisher Copyright: Copyright {\textcopyright} 2018 The Institute of Electronics, Information and Communication Engineers",

year = "2018",

month = dec,

doi = "10.1587/transinf.2018EDP7192",

language = "English",

volume = "E101D",

pages = "3005--3018",

journal = "IEICE Transactions on Information and Systems",

issn = "0916-8532",

publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",

number = "12",

}

TY - JOUR

T1 - Automatic prevention of buffer overflow vulnerability using candidate code generation

AU - Jang, Young Su

AU - Choi, Jin Young

N1 - Funding Information: This research was supported by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (2015-0-00445) supervised by the IITP (Institute for Information & communications Technology Promotion) and Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No. 2018-0-00532, Development of High-Assurance (≥ EAL6) Secure Microkernel). Publisher Copyright: Copyright © 2018 The Institute of Electronics, Information and Communication Engineers

PY - 2018/12

Y1 - 2018/12

N2 - The security of a software program critically depends on the prevention of vulnerabilities in the source code; however, conventional computer programs lack the ability to identify vulnerable code in another program. Our research was aimed at developing a technique capable of generating substitution code for the detection of buffer overflow vulnerability in C/C++ programs. The technique automatically verifies and sanitizes code instrumentation by comparing the result of each candidate variable with that expected from the input data. Our results showed that statements containing buffer overflow vulnerabilities could be detected and prevented by using a substitution variable and by sanitizing code vulnerabilities based on the size of the variables. Thus, faults can be detected prior to execution of the statement, preventing malicious access. Our approach is particularly useful for enhancing software security monitoring, and for designing retrofitting techniques in applications.

AB - The security of a software program critically depends on the prevention of vulnerabilities in the source code; however, conventional computer programs lack the ability to identify vulnerable code in another program. Our research was aimed at developing a technique capable of generating substitution code for the detection of buffer overflow vulnerability in C/C++ programs. The technique automatically verifies and sanitizes code instrumentation by comparing the result of each candidate variable with that expected from the input data. Our results showed that statements containing buffer overflow vulnerabilities could be detected and prevented by using a substitution variable and by sanitizing code vulnerabilities based on the size of the variables. Thus, faults can be detected prior to execution of the statement, preventing malicious access. Our approach is particularly useful for enhancing software security monitoring, and for designing retrofitting techniques in applications.

KW - Buffer overflow vulnerability

KW - Information security

KW - Software security monitoring

UR - http://www.scopus.com/inward/record.url?scp=85057534389&partnerID=8YFLogxK

U2 - 10.1587/transinf.2018EDP7192

DO - 10.1587/transinf.2018EDP7192

M3 - Article

AN - SCOPUS:85057534389

SN - 0916-8532

VL - E101D

SP - 3005

EP - 3018

JO - IEICE Transactions on Information and Systems

JF - IEICE Transactions on Information and Systems

IS - 12

ER -

Automatic prevention of buffer overflow vulnerability using candidate code generation

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this