Taxonomy of C Overflow Vulnerabilities Attack

Authors: Nurul Haszeli Ahmad, Syed Ahmad Aljunid, Jamalul-lail Ab Manan

DOI: 10.1007/978-3-642-22191-0_33

Abstract: Various software vulnerability classifications have been constructed since the early 70s for a correct understanding of vulnerabilities, and thus act as a strong foundation to protect and prevent software from exploitation. However, despite all research efforts, exploitable vulnerabilities still exist in most major software, the most common being C overflow vulnerabilities. C overflow vulnerabilities are the most frequent to appear in various advisories with high impact or critical severity. Partially but significantly, this is due to the absence of a source code perspective taxonomy to address all types of C overflow vulnerabilities. Therefore, we propose this taxonomy, which also classifies the latest C overflow vulnerabilities into four new categories. We also describe ways to detect and overcome these vulnerabilities; hence, it is a valuable reference for developers and security analysts to identify potential C security loopholes so as to reduce or prevent exploitations altogether.
