2008 32nd Annual IEEE International Computer Software and Applications Conference (2008)
July 28, 2008 to Aug. 1, 2008
Buffer overflow (BOF) is one of the major vulnerabilities that lead to non-secure software. Testing an implementation for BOF vulnerabilities is challenging, as the underlying reasons for buffer overflow vary widely. Moreover, the existing vulnerability testing approaches do not address the issue of generating adequate test data sets for testing BOF vulnerabilities. In this work, we apply the idea of the mutation-based testing technique to generate an adequate test data set for BOF vulnerabilities. Our work addresses those BOF vulnerabilities that are related to an implementation language and its associated libraries. We apply the concept to the ANSI C language and its associated libraries. We propose 12 mutation operators to force the generation of an adequate test data set for BOF vulnerabilities. The proposed operators are validated by using four open source programs. The results indicate that the proposed operators are effective for testing BOF vulnerabilities.
Buffer overflow, Mutation-based testing, Vulnerabilities
M. Zulkernine and H. Shahriar, "Mutation-Based Testing of Buffer Overflow Vulnerabilities," 2008 32nd Annual IEEE International Computer Software and Applications Conference (COMPSAC), vol. 00, pp. 979-984, 2008.