
Static Analysis-based Buffer Overflow Vulnerability Testing Research

Posted on: 2008-11-17    Degree: Master    Type: Thesis
Country: China    Candidate: X L Wang    Full Text: PDF
GTID: 2208360212499817    Subject: Computer application technology
Abstract/Summary:
With the spread of information technology and the growth of the Internet, system security has become a pressing topic: more and more computer systems face attacks of every kind. Over the last twenty years buffer overflows have been the most common form of security vulnerability, and they will remain so for a long time to come. The problem is characteristic of older programming languages such as C/C++ and is made worse by programmer carelessness. Current countermeasures fall into two kinds: dynamic detection at run time, and static analysis before an attack can take place. Dynamic detection tends to turn a detected overflow into a denial of service, and it is hard to implement. Static techniques are therefore attracting much research attention, and several static analysis tools have been developed, but they have shortcomings: (a) they perform lexical analysis only, (b) they need manually inserted annotations, or (c) they depend on other code analysis tools.

This thesis proposes a static detection method with two aims: (a) to give the detector separate modules corresponding to the lexical, syntactic and semantic properties of the vulnerability, and (b) to be independent of other tools. To meet these aims, a vulnerability-characteristic grammar (equivalent to C's grammar) is defined, and a compiler that is sensitive to buffer-overrun vulnerabilities is built on top of YACC. A complete detector is then implemented from this compiler and the other modules.

Because the formalized characteristics of the vulnerabilities are separated from ordinary C syntax, the vulnerability-characteristic grammar is itself sensitive to buffer overruns, so the collection of vulnerability characteristics early in the tool's workflow is exact and reliable. Moreover, decomposing the grammar according to vulnerability characteristics gives the later semantic analysis a clear goal.

Owing to its independence from other static analysis tools, the approach is flexible to implement. Experimental results indicate that the tool has good detection accuracy and can detect some inconspicuous vulnerabilities.
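To make the three-stage idea concrete, here is an added toy detector in Python. It is not the thesis's YACC-based tool and not code from the thesis: a lexer for the token classes the checks need, a hand-written parser for four productions (fixed-size char declarations, copy calls, constant-bounded for loops, indexed accesses) that skips everything else, and semantic checks comparing declared sizes against literal lengths, length arguments, source buffer sizes and loop bounds. The function names, the SAMPLE input and the strcpy/gets/memcpy/strncpy rule set are assumptions chosen for the example.

```python
# Added example: a toy three-stage detector (lexical, syntactic, semantic) for fixed-size
# buffer misuse. Not the thesis's YACC-based tool; its "grammar" is four hand-matched productions.
import re
from collections import namedtuple

Token = namedtuple("Token", "kind value line")
Finding = namedtuple("Finding", "line rule detail")
# Lexical stage: whitespace and comments are skipped, everything else becomes a token.
TOKEN_RE = re.compile(r'''
    (?P<skip>\s+|/\*.*?\*/|//[^\n]*)
  | (?P<num>\d+)
  | (?P<str>"(?:\\.|[^"\\])*")
  | (?P<id>[A-Za-z_]\w*)
  | (?P<op><=|>=|==|\+\+|--|[\[\](){};,=<>+\-*/.&\#])
''', re.VERBOSE | re.DOTALL)
LENGTH_ARG = {"memcpy": 2, "strncpy": 2}   # bounded copies: position of the length argument
COPIES = {"strcpy", "gets", *LENGTH_ARG}   # every call the semantic stage examines

def tokenize(src):
    tokens, pos, line = [], 0, 1
    while pos < len(src):
        m = TOKEN_RE.match(src, pos)
        if m is None:
            raise SyntaxError(f"line {line}: unexpected character {src[pos]!r}")
        if m.lastgroup != "skip":
            tokens.append(Token(m.lastgroup, m.group(), line))
        line += m.group().count("\n")
        pos = m.end()
    return tokens

def analyze(src):
    toks = tokenize(src)
    sizes, loop_max, findings = {}, {}, []   # buffer -> size, loop var -> largest value, results
    def at(k, kind, value=None):
        return k < len(toks) and toks[k].kind == kind and value in (None, toks[k].value)
    def call_args(k):  # toks[k] == "(": split on top-level commas; return args and index after ")"
        depth, args = 1, [[]]
        for k in range(k + 1, len(toks)):
            t = toks[k]
            depth += (t.value == "(") - (t.value == ")")
            if depth == 0:
                return args, k + 1
            if t.value == "," and depth == 1:
                args.append([])
            else:
                args[-1].append(t)
        raise SyntaxError("unterminated argument list")
    def bytes_written(name, args):  # semantic stage: bytes the call may store in args[0]; None if unknown
        if name == "gets":
            return float("inf")
        if name == "strcpy" and len(args) == 2 and len(args[1]) == 1:
            src = args[1][0]  # literal: chars with simple escapes folded, plus NUL; buffer: its size
            return len(re.sub(r"\\.", "x", src.value[1:-1])) + 1 if src.kind == "str" else sizes.get(src.value)
        if name in LENGTH_ARG and len(args) > LENGTH_ARG[name] and len(args[LENGTH_ARG[name]]) == 1:
            n = args[LENGTH_ARG[name]][0]
            return int(n.value) if n.kind == "num" else None
        return None
    p = 0
    while p < len(toks):   # syntactic stage: tokens matching none of the productions are skipped
        t = toks[p]
        if at(p, "id", "char") and at(p + 1, "id") and at(p + 2, "op", "[") and at(p + 3, "num") and at(p + 4, "op", "]"):
            sizes[toks[p + 1].value] = int(toks[p + 3].value)        # char NAME [ NUM ]
            p += 5
        elif at(p, "id", "for") and at(p + 1, "op", "(") and at(p + 2, "id") and at(p + 3, "op", "=") and at(p + 4, "num") \
                and at(p + 5, "op", ";") and at(p + 6, "id", toks[p + 2].value) and at(p + 7, "op") and at(p + 8, "num"):
            rel, bound = toks[p + 7].value, int(toks[p + 8].value)   # for ( V = NUM ; V <= NUM ;
            if rel in ("<", "<="):
                loop_max[toks[p + 2].value] = bound if rel == "<=" else bound - 1
            p += 9
        elif at(p, "id") and t.value in COPIES and at(p + 1, "op", "("):   # NAME ( args )
            args, p = call_args(p + 1)
            dst = args[0][0].value if len(args[0]) == 1 else None
            need = bytes_written(t.value, args)
            if dst in sizes and need is not None and need > sizes[dst]:
                findings.append(Finding(t.line, t.value, f"may write {need} bytes into {dst}[{sizes[dst]}]"))
        elif at(p, "id") and t.value in sizes and at(p + 1, "op", "[") and at(p + 3, "op", "]"):   # NAME [ idx ]
            idx, size = toks[p + 2], sizes[t.value]
            reach = int(idx.value) if idx.kind == "num" else loop_max.get(idx.value, -1)
            if reach >= size:
                findings.append(Finding(t.line, "index", f"{t.value}[{idx.value}] reaches element {reach} of {size}"))
            p += 4
        else:
            p += 1
    return findings

SAMPLE = '''char name[8]; char big[64]; char line[16]; int i;   /* constructed sample, not a real program */
strcpy(name, "operator");              /* 9 bytes into name[8] */
strcpy(name, "root");                  /* fits */
memcpy(line, input, 32);               /* 32 > 16 */
strncpy(line, input, 15);              /* fits */
strcpy(line, big);                     /* 64-byte source into line[16] */
gets(big);                             /* no limit at all */
for (i = 0; i <= 16; i++) line[i] = 0; /* off by one */
for (i = 0; i < 16; i++) line[i] = 0;  /* fine */
big[63] = 0; big[64] = 0;              /* last element, then one past the end */
'''

if __name__ == "__main__":
    print(*analyze(SAMPLE), sep="\n")
```

Run stand-alone, it reports one finding for each of lines 2, 4, 6, 7, 8 and 10 of SAMPLE and nothing for the safe statements; the `<= 16` loop and the `big[64]` store are the kind of quiet off-by-one that a purely lexical search for dangerous function names never sees, which is why the syntactic and semantic stages earn their keep. A real detector needs a full C grammar plus aliasing and interprocedural reasoning; this toy deliberately leaves those out.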
Keywords/Search Tags: buffer overflow, static detection, equivalence partition, grammar