NDLI: Rule-Based Source Level Patching of Buffer Overflow Vulnerabilities

Content Provider	IEEE Xplore Digital Library
Author	Shahriar, H. Haddad, H.M.
Copyright Year	2013
Description	Author affiliation: Dept. of Comput. Sci., Kennesaw State Univ., Kennesaw, GA, USA (Shahriar, H.; Haddad, H.M.)
Abstract	Buffer overflow (BOF) is a notorious vulnerability that leads to non-secure software. The presence of BOF hampers essential security objectives - confidentiality, integrity and availability. A BOF might result in neigh boring data values corruption, application core dumps, etc. This research focuses on the detection and patching of BOF vulnerabilities. The detection includes identifying programming elements that might cause BOF, such as limitations due to languages, associated libraries, and logical errors. This work presents several code patterns that include simple (one statement) and complex (multiple statements) forms of BOF. For prevention, we propose eight rules to fix vulnerable code to avoid BOF without modifying the application functionality. The proposed approach addresses BOF issues not only at the unit level but also at the integrated level by passing buffer length information. The proposed rules are evaluated with 14 benchmark applications that have known BOF vulnerabilities. The results show that the proposed rules are effective in detecting and patching BOF without altering original functionalities of applications. The performance overhead due to the application of the proposed patching rules is negligible.
Starting Page	627
Ending Page	632
File Size	179060
Page Count	6
File Format	PDF
ISBN	9780769549675
e-ISBN	9780769549675
DOI	10.1109/ITNG.2013.96
Language	English
Publisher	Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Publisher Date	2013-04-15
Publisher Place	USA
Access Restriction	Subscribed
Rights Holder	Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subject Keyword	Runtime Buffer overflows Switches Benchmark testing Rule-based patching Libraries Buffer overflow Indexes Security Software vulnerabilities
Content Type	Text
Resource Type	Article

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in