A Detection Approach For Buffer Overflow Vulnerability Based On Data Control Flow Graph

With the development of computer technology,more and more people enjoy the convenience of the modern information systems.The inevitable problem during the continuous development of information technology is the existence of software vulnerabilities.In the process of software development,programmers can not avoid making some mistakes,some of which are fatal to the security of computer system.If those mistakes are not discovered in time,they will cause serious consequences,for example,buffer overflow is one of the most common software vulnerabiliy.Therefore,the analysis of the causes of software vulnerability has increasingly become the focus of information security.In the past few years,researchers have studied software vulnerabilities from different perspectives,and they have already made great progress.Although great achievements have been achieved in the research of vulnerability,the research of code graphic vulnerability detection is still insufficient for buffer overflow vulnerability,which is mainly reflected in two aspects: firstly,the research on code formalization mainly focuses on conceptual description at present,which can not be effectively applied to vulnerability detection.Secondly,it is short of the authoritative approach that can effectively detect vulnerability.To solve the above issues,the research in this paper is presented as follows:1.In the paper,the Danger function detection method based on data control flow graph(FDMDC)is proposed,and the framework of FDMDC is introduced and all modules are analyzed.The DCFG generation algorithm and function judging algorithm based on data control flow graph(DCDFJ Algorithm)are detailed in the paper.The main idea of FDMDC is to traverse the DCFG and record the dangerous points related to the vulnerability on the executable path during the traversal process.2.The vulnerability detection method based on data control flow graph(DCVDM)is proposed,with the framework of DCVDM introduced and all module analyzed.The vulnerability judging based on data control flow graph(DCVJ Algorithm)is detailed in the paper.The main idea of DCVDM is to use FDMDC to find all the dangerous points,and to determine the type of the dangerous function and then construct the constraint rule of the dangerous function at the dangerous point.Finally,the constraint rule will be solved to obtain the result of the vulnerability detection.3.A prototype system for vulnerability detection named buffer overflow vulnerability detection system based on data control flow graph(DCFG-VDS)is designed and implemented.The system mainly includes three modules: the DCFG generation module,the vulnerability detection method based on data control flow graph module(DCVDM module)and the comparison analysis module.The main function of the DCFG generation module is to parse the test case to generate its corresponding DCFG.The main function of the DCVDM module is to import test cases and test case description files for vulnerabilities detection.The main function of the comparison analysis module is to analyze the detection effectiveness of different detecting methods.