
Research On Detection Technology Of Buffer Overflow Vulnerability Based On Lexical Analysis

Posted on: 2011-10-11
Degree: Master
Type: Thesis
Country: China
Candidate: N Lv
GTID: 2178360305960985
Subject: Cryptography

Abstract/Summary:
Buffer overflow is a dangerous but common vulnerability that exists in almost all system software and application software. It greatly threatens network security, software security and data security. The primary cause of buffer overflow vulnerabilities is that some programming languages (such as C) lack boundary checking. A buffer overflow happens when the input data exceeds the buffer size. Static analysis can find such vulnerabilities by analyzing source code before the program is executed. This thesis designs an improved scheme, based on integrated assessment and result optimization, for lexical analysis, which is a branch of static analysis. A new lexical analysis tool, Opt_Scanner, is then designed and implemented based on the improved scheme.

The thesis first introduces the principle and categories of buffer overflow, and then the current state of research from three aspects: static analysis, dynamic analysis and relevant research institutes. Secondly, the important role of static analysis in software is introduced, highlighting the principles, function modules and features of different lexical analysis tools. In the third chapter, an improved scheme is designed to address the false positives and false negatives of lexical tools; it comprises an integrated assessment system and a results optimization system. The integrated assessment system combines three classical tools, ITS4, RATS and Flawfinder, taking their false positives and false negatives into account, to produce an integrated score. The results optimization system aims to reduce false positives by defining security rules for the parameters of dangerous functions. A lexical analysis tool, Opt_Scanner, is then designed and implemented based on the improved scheme and tested using an artificial program and a real-world program segment, both of which include some buffer overflow vulnerabilities. In the artificial program test, Opt_Scanner produces an optimal report with zero false positives and zero false negatives. In the real-world program test, the features of Opt_Scanner are better than those of the three classical tools to some extent.
Keywords/Search Tags: Buffer Overflow, Static Analysis, Vulnerability, Lexical Analysis