A Kind Of Buffer Overflow Vulnerabilities Automatic Mining And Positioning Technology

Software vulnerabilities have became the main threat to the security of information on computer networks. Hacking incidents and virus incidents happened in recent years were mainly caused by the software vulnerabilities, and at the same time, Buffer overflow vulnerability has been a security vulnerability of the most common form. In recent years, the notices associated with buffer overflow vulnerability accounted for more than 50 percent of all the notices issued by CERT / CC (Computer Emergency Response / Coordination Center).By using buffer overflow vulnerabilities, an attacker can change the original process of the software attacked, or even illegally access some resource, thus causing great harm. However, it is a very difficult and time-costing job to detect possible security vulnerabilities from software.On the basis of some research in the basic principles associated with buffer overflow and some analysis of domestic and foreign typical buffer overflow detection technology and tools, research was carried out in the formation of buffer overflow vulnerability and anlysis was done in overflow technology, then a kind of buffer overflow vulnerabilities mining and positioning technology was given. The buffer overflow vulnerabilities mining and positioning technology is based on a buffer overflow model which is associated with function calls, uses dumb Fuzzing technology as the way of vulnerabilities mining, uses a kind of dynamic monitoring and overflow positioning technology, which is based on static analysis and uses dynamic track and debugging technology with it, as the main framework, and it can achieve good results in overflow vulnerabilities mining. At the same time, the overflow vulnerabilities positioning technology can find out the specific function calls which lead to overflow vulnerabilities detected, and in this way those flawed codes in the form of function calls in the software tested can be founded. The technology is of great sense in the respects of improving the software security and the software itself. Experiments were done to some software, and the results are satisfying.The buffer overflow vulnerabilities mining and positioning technology and its framework are useful to the research of overflow vulnerabilities mining, and appropriate changes can be done to the framework to meet different situations. The technology proposed can be used as an effective means of buffer overflow mining.