
Research On Buffer Overflow Vulnerability Testing

Posted on: 2010-05-30
Degree: Master
Type: Thesis
Country: China
Candidate: M H Chen
Full Text: PDF
GTID: 2178360302459896
Subject: Computer software and theory
Abstract/Summary:

The development of information technology has profoundly influenced many aspects of social development, for example the global economy, politics, education and the military. It has brought efficiency and convenience to society, but also threats and risks. Recently, attacks on computer systems have been frequently reported, and the number of vulnerability attacks is growing year by year.

Buffer overflow, the most common form of vulnerability, exists widely in various kinds of software systems. It can be easily exploited by attackers, causing a program to fail during execution, or even forcing the target computer system to shut down or restart. In the worst cases, the attackers can even obtain root privileges and then do anything they want. Therefore, in-depth research into software vulnerabilities and their test mechanisms can help us solve computer security issues fundamentally. If we can discover vulnerabilities and remedy them before software is released, we can reduce the clients' losses, which is significant.

Traditional vulnerability detection techniques include manual analysis, static analysis and dynamic analysis. Static analysis, which covers both source code analysis and binary code analysis, tries to find all possible vulnerabilities in the code before execution. Dynamic analysis, by contrast, places constraints on the program's execution and then defends the program by monitoring those constraints and blocking malicious exploitation.

On the basis of an analysis of the abstract invariants for buffer overflow, this paper presents a novel test mechanism for buffer overflow, which uses program instrumentation and mutation testing to perform buffer overflow vulnerability testing on software. The test mechanism can expose buffer overflow vulnerabilities better because it integrates the advantages of static analysis and dynamic analysis.
Keywords/Search Tags: Buffer overflow, static analysis, dynamic analysis, abstract invariant, mutation test