Automatic Prevention of Buffer Overflow Vulnerability Using Candidate Code Generation

DC Field | Value | Language |
---|---|---|
dc.contributor.author | Jang, Young-Su | - |
dc.contributor.author | Choi, Jin-Young | - |
dc.date.accessioned | 2021-09-02T02:32:36Z | - |
dc.date.available | 2021-09-02T02:32:36Z | - |
dc.date.created | 2021-06-19 | - |
dc.date.issued | 2018-12 | - |
dc.identifier.issn | 1745-1361 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/71385 | - |
dc.description.abstract | The security of a software program critically depends on the prevention of vulnerabilities in the source code; however, conventional computer programs lack the ability to identify vulnerable code in another program. Our research was aimed at developing a technique capable of generating substitution code for the detection of buffer overflow vulnerability in C/C++ programs. The technique automatically verifies and sanitizes code instrumentation by comparing the result of each candidate variable with that expected from the input data. Our results showed that statements containing buffer overflow vulnerabilities could be detected and prevented by using a substitution variable and by sanitizing code vulnerabilities based on the size of the variables. Thus, faults can be detected prior to execution of the statement, preventing malicious access. Our approach is particularly useful for enhancing software security monitoring, and for designing retrofitting techniques in applications. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG | - |
dc.subject | SOFTWARE | - |
dc.title | Automatic Prevention of Buffer Overflow Vulnerability Using Candidate Code Generation | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Choi, Jin-Young | - |
dc.identifier.doi | 10.1587/transinf.2018EDP7192 | - |
dc.identifier.scopusid | 2-s2.0-85057534389 | - |
dc.identifier.wosid | 000451766500017 | - |
dc.identifier.bibliographicCitation | IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, v.E101D, no.12, pp.3005 - 3018 | - |
dc.relation.isPartOf | IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS | - |
dc.citation.title | IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS | - |
dc.citation.volume | E101D | - |
dc.citation.number | 12 | - |
dc.citation.startPage | 3005 | - |
dc.citation.endPage | 3018 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Software Engineering | - |
dc.subject.keywordPlus | SOFTWARE | - |
dc.subject.keywordAuthor | information security | - |
dc.subject.keywordAuthor | buffer overflow vulnerability | - |
dc.subject.keywordAuthor | software security monitoring | - |