Detailed information

Generating candidate code for detecting buffer overflow vulnerabilities

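Material type
Thesis
Personal author
Jang, Young Su (장영수 張瑛洙)
Title / statement of responsibility
Generating candidate code for detecting buffer overflow vulnerabilities / Jang, Young Su
Publication
Seoul : Graduate School, Korea University, 2019
Physical description
v, 103 leaves : charts ; 26 cm
Other format entry
Generating Candidate Code for Detecting Buffer Overflow Vulnerabilities (DCOLL211009)000000084347
Dissertation note
Thesis (Ph.D.) -- Korea University Graduate School: Department of Computer and Radio Communications Engineering, 2019. 8
Department code
0510 6YD36 363
General note
Advisor: Choi, Jin-young (최진영)
Bibliography note
References: leaves 95-103
Other available formats
Also available as a PDF file; Requires PDF file reader(application/pdf)
Uncontrolled subject terms
Information security, Buffer overflow vulnerability, Software security monitoring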

Holdings (No.: location; call number; registration number; status)
No. 1: Science Library / Thesis Stacks; 0510 6YD36 363; 123062321; available for loan
No. 2: Science Library / Thesis Stacks; 0510 6YD36 363; 123062322; available for loan
No. 3: Sejong Academic Information Center / 5F Thesis Room; 0510 6YD36 363; 153083339; available for loan

Content information

Abstract

The security of a software program critically depends on the prevention of vulnerabilities in the source code; however, conventional computer programs lack the ability to identify vulnerable code in another program. Our research was aimed at developing a technique capable of generating candidate code for the detection of buffer overflow vulnerability in C/C++ programs. The technique automatically verifies and sanitizes code instrumentation by comparing the result of each candidate variable with that expected from the input data. Our results showed that statements containing buffer overflow vulnerabilities could be detected and prevented by using a candidate variable and by sanitizing code vulnerabilities based on the size of the variables. Thus, faults can be detected prior to execution of the statement, preventing malicious access.

For the verification of buffer overflow vulnerability, we designed and implemented the tool, named VDLs (Vulnerability Detection Libraries). The VDLs dynamically locates sensitive API method calls and instruments a set of variables along with safety condition checks to detect buffer overflow vulnerability in a C/C++ program. The instrumented code performs operations on variables as in the original program, and then validates their status to detect security violations. Our approach infers the sizes of different buffers and stores this information, instruments checks before sensitive operations, and performs assertion checks at runtime. The analyses are based on the knowledge of API method semantic analysis to understand the semantic characteristics of instrumented code. Our approach is particularly useful for enhancing software security monitoring, and for designing retrofitting techniques in applications.

Table of contents

Contents
Abstract
Contents
List of Tables
List of Figures
1. Introduction
2. Literature review
3. Research overview
 3.1 Typical example
 3.2 Research objectives
 3.3 Research motivation
 3.4 Our approach
4. Formal analysis (Symbolic expressions)
 4.1 Candidate variable definition and verification
5. Implementation
 5.1 The tool: VDLs (Vulnerability Detection Libraries)
  5.1.1 Transformation of the source code
  5.1.2 Tree-based source code transformation
  5.1.3 Substitution code estimator using Behavior Knowledge
  5.1.4 Customized database and indexing syntax tree
  5.1.5 Quality assurance of variable constraint and assertion
 5.2 Limitations
 5.3 Extensions
 5.4 Errors and error handling
6. Evaluation
 6.1 Empirical evaluation of the test-suite
 6.2 Evaluation of real-world test cases
 6.3 Accuracy and performance
 6.4 Runtime analysis
7. Conclusion
References