2015 IEEE/ACM 10th International Workshop on Automation of Software Test (AST) (2015)
May 23, 2015 to May 24, 2015
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/AST.2015.17
Buffer overflow exploits form a substantial portion of input manipulation attacks as they are commonly found and are easy to exploit. Despite existence of many detection solutions, buffer overflow bugs are widely being reported in multitude of applications suggesting either inherent limitations in current solutions or problems with their adoption by the end-users. To address this, we propose a novel light-weight rule-based test case generation approach for detecting buffer overflows. The proposed approach uses information collected from static program analysis and pre-defined rules to generate test cases. Since the proposed approach uses only static analysis information and does not involve any constraint solving it is termed as light-weight. Our experimental evaluation on benchmark programs shows that the test inputs generated by the proposed approach are effective in detecting known bugs along with reporting some new bugs.
Buffer overflows, Computer bugs, Benchmark testing, Indexes, Genetic algorithms, Input variables
B. M. Padmanabhuni and H. B. Tan, "Light-Weight Rule-Based Test Case Generation for Detecting Buffer Overflow Vulnerabilities," 2015 IEEE/ACM 10th International Workshop on Automation of Software Test (AST), Florence, Italy, 2015, pp. 48-52.