The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Buffer overflow is known to be a common memory vulnerability affecting software. It is exploited to gain various kinds of privilege escalation. C and C++ are very commonly used to develop applications; due to the efficient “unmanaged” executions these languages are not safe. These attacks are highly successful as every executing copy of a shipped binary is the same. This work presents two approaches...
Recently, the research on the detection and defense of malicious attacks are becoming the main subject of information security. Various tools and technologies of detecting and defense malicious attacks are proposed in an endless stream, tools detecting vulnerabilities as well. However, there is a lack of method to test and evaluate the correctness and validity of these technologies and tools. In this...
The automatic testing tools of component security bring great effect on component-based software engineering, and they can effectively ensure the security of component-based software. A prototype tool named CSTS (component security testing system) is designed and implemented to test the security of the widely-used COTS (Commercial-off-the-Shelf) Microsoft COM (component object model) component. CSTS,...
This paper proposes a control flow based security analysis approach for binary executables. Through deeply investigating the theory of control flow security, we develop the Control Flow Security Model (CFSM) which includes the formal definitions for program semantics and security properties for control flow. CFSM specifies that program execution dynamically follows only certain paths, in accordance...
Vulnerabilities in applications and their widespread exploitation through successful attacks are common these days. Testing applications for preventing vulnerabilities is an important step to address this issue. In recent years, a number of security testing approaches have been proposed. However, there is no comparative study of these work that might help security practitioners select an appropriate...
We can use information and software of various forms without being restricted for place and time if ubiquitous computing age comes. However, its dysfunction is causing security problems such as outflow of personal information, hacking, diffusion of virus. Specially, dissemination of software that has malicious purpose in ubiquitous computing environment causes serious damage. We have studied about...
Buffer overflow exploitation is a major threat to software security. To reduce the threat, Visual studio C/C++compiler enables to randomize the addresses of the compiled program in initialization time, and to embed security stack guards by the compiled program in run time. The present paper upgrades the compiler by increasing the compiled program's capabilities in the following aspects: (1) protects...
On the basis of analyzing the safety formulas for various types of vulnerabilities, this paper presents a novel method for software vulnerability testing, which uses source-code conversion and the state information of function-call to test the vulnerability of software. This method could cover a variety of vulnerabilities. The implementation shows that it can check the attack of buffer overflow accurately,...
Despite increasing efforts in detecting and managing software security flaws, the number of security attacks is still rising every year. As software becomes more complex, security flaws are more easily introduced into a software system and more difficult to eliminate. In this talk, I present our research on the development of a framework for detecting and managing security flaws. The key idea is to...
Buffer overflow vulnerabilities can cause attacks that result in serious consequences. However the techniques of buffer overflow vulnerability detection are limited to manual analysis, binary-patch comparison, fuzzing and so on. They rely on manual analysis, thus cause high overhead. In this paper, we propose a novel method of detection of buffer overflow vulnerabilities, which is based on fuzzing,...
Through comprehensive analysis of software security vulnerability, a novel vulnerability detecting method based on similar characteristic is proposed in this paper. The method aims at C Code security detection. Based on Case-based Reasoning technology, the method performs similarity matching between security characteristic of source code and the characteristic of known security vulnerabilities, and...
This is a survey of the processes, practices, and technologies that can help software maintenance engineers improve the security of software systems. A particular emphasis is placed on validating security architectures, verifying that the implementation of an architecturepsilas constituent applications adhere to secure coding practices, and protecting software systems against malicious software. In...
The presence of vulnerable statements in the source code is a crucial problem for maintainers: properly monitoring and, if necessary, removing them is highly desirable to ensure high security and reliability. To this aim, a number of static analysis tools have been developed to detect the presence of instructions that can be subject to vulnerability attacks, ranging from buffer overflow exploitations...
We can use information and software of various forms without being restricted for place and time if ubiquitous computing age comes. However, its dysfunction is causing security problems such as outflow of personal information, hacking, diffusion of virus. Specially, dissemination of software that has malicious purpose in ubiquitous computing environment causes serious damage. We have studied about...
This position paper proposes a research agenda for the field of security testing. It gives a critical account of the state of the art as seen by a practitioner and identifies questions that research failed to answer so far, or failed to answer in such a way that it would have had an impact in the real world. Three categories of research problems are proposed: theory of vulnerabilities, theory of security...
While memory-safe and type-safe languages have been available for many years, the vast majority of software is still implemented in type-unsafe languages such as C/C++. Despite massive concerted efforts by software vendors such as Microsoft to eliminate buffer overflow vulnerabilities through automated and manual code review, they continue to be found and exploited. We present a novel approach that...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.