ARMORY: An automatic security testing tool for buffer overflow defect detection

[Display omitted] ► ARMORY detects buffer overflow defects automatically inside kernel. ► It classifies three types of buffer overflow defects: L2S, LOOP, and FISSION. ► It does not need any attack instance, any training phase, and source code. Program Buffer Overflow Defects (PBODs) are the steppin...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computers & electrical engineering 2013-10, Vol.39 (7), p.2233-2242
Hauptverfasser: Chen, Li-Han, Hsu, Fu-Hau, Hwang, Yanling, Su, Mu-Chun, Ku, Wei-Shinn, Chang, Chi-Hsuan
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:[Display omitted] ► ARMORY detects buffer overflow defects automatically inside kernel. ► It classifies three types of buffer overflow defects: L2S, LOOP, and FISSION. ► It does not need any attack instance, any training phase, and source code. Program Buffer Overflow Defects (PBODs) are the stepping stones of Buffer Overflow Attacks (BOAs), which are one of the most dangerous security threats to the Internet. In this paper, we propose a kernel-based security testing tool, named ARMORY, for software engineers to detect PBODs automatically when they apply all kinds of testing, especially functional testing and unit testing, without increasing the testing workload. Besides, ARMORY does not need any attack instance, any training phase, or source code to finish its security testing. ARMORY can detect unknown PBODs. ARMORY not only can improve software quality, but also can reduce the amount of system resources used to protect a system. We implemented ARMORY in Linux kernel by modifying sys_read() system call and entry. S which deals all system call. Experimental results show that ARMORY can automatically detect PBODs when programmers test the functionality of their programs.
ISSN:0045-7906
1879-0755
DOI:10.1016/j.compeleceng.2012.07.005