
Analysis And Detection Of The Array Buffer Overflow

Posted on: 2011-01-30
Degree: Master
Type: Thesis
Country: China
Candidate: L Zhou
Full Text: PDF
GTID: 2178360308952382
Subject: Computer system architecture

Abstract/Summary:
Buffer overflow is still the primary vulnerability in software security. It occurs when more data is written to a buffer than it was intended to hold, corrupting or overwriting the valid data stored around it, such as variables and control-flow data. In buffer overflow attacks, the extra data may contain code designed to trigger specific actions, for example changing data and files, taking control of the computer, or crashing the system. Because the problem involves complex control flow, data flow, pointer analysis, bounds checking, access control and other factors, much of the existing static and dynamic detection still cannot assure software security. Plenty of new software is released to the market with vulnerabilities every year, bringing about an increased number of attacks and huge economic losses.

This thesis researches array buffer overflows, studies the existing theory and techniques, and then improves them with some new ideas to increase accuracy and efficiency. It proposes a novel static analysis framework based on symbolic operations to analyze and detect array index and pointer bounds. The framework focuses on the induction variables of array indices and pointers in loop structures and studies the dependences and mathematical relationships between them. The method first models this problem, then solves the resulting recursive equation sets and inequalities by symbolic operations, so that the induction variables are expressed in terms of the input variables. Using the security rules for reading and writing memory, it establishes the safety constraints from these results. The overflows can then be detected from the constraints and the input values.

This approach has several appealing properties and innovations: (1) It simplifies the overflow problems, reduces the analysis scale and improves efficiency. (2) State analysis is combined with value analysis. (3) It increases the problem complexity with symbolic operations. (4) The paper presents a new analysis framework that takes the loop structure as the basic analysis unit. (5) The method extends the analysis scope to cases where other methods do not work.

Experimental results from our prototype implementation indicate that our methods can detect the overflows effectively and efficiently.
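As an added illustration (not code from the thesis), the following Python sketch mimics the loop-centric analysis the abstract describes: it solves the induction-variable recurrence of an affine loop `for (i = i0; i < n; i += step)` symbolically, expresses the highest index reached in terms of the loop's input variables, and turns the memory-write rule "index < buffer size" into a constraint that is checked against concrete inputs. It assumes constant `i0` and `step`, and treats the loop bound and the buffer size as linear expressions over symbolic inputs (e.g. `n`, `len`).

```python
"""Toy symbolic bound analysis for one affine loop (added example)."""

# A linear expression over input variables: {"": constant, "n": coeff, ...}
def lin(const=0, **terms):
    return {"": const, **terms}

def add(a, b):
    return {v: a.get(v, 0) + b.get(v, 0) for v in set(a) | set(b)}

def scale(a, k):
    return {v: c * k for v, c in a.items()}

def evaluate(expr, env):
    """Substitute concrete input values into a linear expression."""
    return expr[""] + sum(c * env[v] for v, c in expr.items() if v)

def induction_closed_form(i0, step):
    """Solve i_{k+1} = i_k + step with i_0 = i0: i_k = i0 + step*k."""
    return lin(i0, k=step)

def last_index(i0, step, bound):
    """Highest index touched by `for (i = i0; i < n; i += step)`, with the
    bound n given as a linear expression.  The trip count is
    ceil((n - i0)/step); for step == 1 that is exactly n - i0, so the last
    iteration k = n - i0 - 1 yields index n - 1.  For step > 1 the same k
    over-approximates the last index: sound for detection, but it may
    report false positives (a precision trade-off of this toy model)."""
    k_last = add(bound, lin(-i0 - 1))        # k = n - i0 - 1, symbolic in n
    ik = induction_closed_form(i0, step)     # i0 + step*k
    return add(lin(ik[""]), scale(k_last, ik["k"]))

def write_constraint(i0, step, bound, size):
    """Memory-write rule buf[i]: last index <= size - 1, returned as a
    linear expression over the inputs that must be >= 0 to be safe."""
    return add(size, scale(add(last_index(i0, step, bound), lin(1)), -1))

def detect(i0, step, bound, size, inputs):
    """Classify a concrete input: 'safe', 'overflow', or 'no-access'."""
    if evaluate(bound, inputs) <= i0:        # loop body never executes
        return "no-access"
    ok = evaluate(write_constraint(i0, step, bound, size), inputs) >= 0
    return "safe" if ok else "overflow"

if __name__ == "__main__":
    # char buf[16]; for (i = 0; i < n; i++) buf[i] = c;   -> constraint 16 - n >= 0
    print(write_constraint(0, 1, lin(n=1), lin(16)), detect(0, 1, lin(n=1), lin(16), {"n": 17}))
    # p = malloc(len); for (i = 2; i < len + 4; i++) p[i] = c;  -> constraint -4 (always overflows)
    print(write_constraint(2, 1, lin(4, len=1), lin(len=1)))
```

The second case shows the point of working symbolically: the constraint reduces to the constant -4 regardless of `len`, so the pointer overrun is reported without enumerating input values.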
Keywords/Search Tags: buffer overflow, static analysis, bound checking, value range