ARMORY : An auxiliary testing tool for automatic buffer overflow vulnerability detection

• Main Authors: Chi-hsuan Chang, 張繼軒
• Other Authors: Fu-Hau Hsu
• Format: Others
• Language: zh-TW
• Published: 2008
• Online Access: http://ndltd.ncl.edu.tw/handle/11257426377709353691

碩士 === 國立中央大學 === 資訊工程研究所 === 96 === In this paper we propose a new type of auxiliary examining tool to support software engineer or test Engineer detects the buffer overflow error in program automatically when testing the correctness of a program. Program Buffer Overflow Bug,(PBOB) is a stepping stone of buffer overflow attacks which is the one of most dangerous known attacks. Internet Worms spreads on Internet Networks via such bugs. Usually, The result of BOF attacks is getting the root privilege from the attacked host. The BOF Bug is produced When the length of a input string in program greater than the length of receive buffer, and the programmer do not deal with the redundant string. Dissimilar to the other program errors, Program Buffer Overflow Bug is not only difficult to detect and evade, but also has very high risky sequela. Program Buffer Overflow Bug in program can be discovered unless execute a complete program testing, and which is time-consuming and laborious. Such works always are neglected due to the major element of consideration from software companies – decrease the building time of products. Otherwise, training a programmer with perfect programming manner is impossible. Consequently, developing an innovative auxiliary examining tool to detect the buffer overflow error in program automatically demands immediate attention.