| Presentation | 2002/7/11 About buffer_overflow detection by static analysis of C program Goichi NAKAMURA, Ichiro MURASE, |
|---|---|
| PDF Download Page | PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | C language is still important as programming language of softwares such as network control software that needs high security. But the buffer_overflow problem is frequently seen in C programs, it is one of the most serious vulnerabilities about C programs. Among the buffer_overflow vulnerabilities, rewriting of return address on the stack is most important. There are several methods to detect this buffer_overflow vulnerability in C program But these methods can not pick over this buffer_overflow vulnerability. In this research, a new method is developed to detect the buffer_overflow vulnerability(rewriting of return address on the stack) in C program statically, that is, by static analysis of register translate language code(RTL code) which is made in C program compilation by GCC compiler. As this method's output, the conditions on which rewriting of return address on the stack occurs is expressed in function arguments and so on. And the tool which carry out this method is developed. Then, the effectiveness of this method is checked by adapting the tool to C programs to detect the buffer_overflow vulnerability. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | static analysis / buffer_overflow / C program / RTL |
| Paper # | ISEC2002-30 |
| Date of Issue |
| Conference Information | |
| Committee | ISEC |
|---|---|
| Conference Date | 2002/7/11(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information Security (ISEC) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | About buffer_overflow detection by static analysis of C program |
| Sub Title (in English) | |
| Keyword(1) | static analysis |
| Keyword(2) | buffer_overflow |
| Keyword(3) | C program |
| Keyword(4) | RTL |
| 1st Author's Name | Goichi NAKAMURA |
| 1st Author's Affiliation | Mitsubishi Research Institute() |
| 2nd Author's Name | Ichiro MURASE |
| 2nd Author's Affiliation | Mitsubishi Research Institute |
| Date | 2002/7/11 |
| Paper # | ISEC2002-30 |
| Volume (vol) | vol.102 |
| Number (no) | 211 |
| Page | pp.pp.- |
| #Pages | 8 |
| Date of Issue | |