Characterizing Buffer Overflow Vulnerabilities in Large C/C++ Projects
Main author: | Pereira, Jose D'Abruzzo |
---|---|
Publication date: | 2021 |
Other authors: | Ivaki, Naghmeh; Vieira, Marco |
Document type: | Article |
Language: | eng |
Source title: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos) |
Full text: | http://hdl.handle.net/10316/101176 https://doi.org/10.1109/ACCESS.2021.3120349 |
Abstract: | Security vulnerabilities are present in most software systems, especially in projects with a large codebase, with several versions over the years, developed by many developers. Issues with memory management, in particular buffer overflow, are among the most frequently exploited vulnerabilities in software systems developed in C/C++. Nevertheless, most buffer overflow vulnerabilities are not detectable by vulnerability detection tools and static analysis tools (SATs). To improve vulnerability detection, we need to better understand the characteristics of such vulnerabilities and their root causes. In this study, we analyze 159 vulnerable code units from three representative projects (i.e., Linux Kernel, Mozilla, and Xen). First, the vulnerable code is characterized using the Orthogonal Defect Classification (ODC), showing that most buffer overflow vulnerabilities are related to missing or incorrect checking (e.g., a missing if construct around a statement or an incorrect logical expression used as a branch condition). Then, we run two widely used C/C++ Static Analysis Tools (SATs) (i.e., CppCheck and Flawfinder) on the vulnerable and neutral (after the vulnerability fix) versions of each code unit, showing the low effectiveness of this type of tool in detecting buffer overflow vulnerabilities. Finally, we characterize the vulnerable and neutral versions of each code unit using software metrics, demonstrating that, although such metrics are frequently used as indicators of software quality, there is no clear correlation between them and the existence of buffer overflow in the code. As a result, we highlight a set of observations that should be considered to improve the detection of buffer overflow vulnerabilities. |
Record identifier: | RCAP_ade43700c106126b3d0ebbb7ff7c01b7 |
---|---|
OAI identifier: | oai:estudogeral.uc.pt:10316/101176 |
Authors: | Pereira, Jose D'Abruzzo; Ivaki, Naghmeh; Vieira, Marco |
Keywords: | Software security; buffer overflow; static code analysis; vulnerability detection; orthogonal defect classification (ODC); software metrics |
ISSN: | 2169-3536 |
Document type / version: | article; publishedVersion (info:eu-repo/semantics/publishedVersion) |
Access rights: | openAccess (info:eu-repo/semantics/openAccess) |
Identifiers: | http://hdl.handle.net/10316/101176 https://doi.org/10.1109/ACCESS.2021.3120349 |
Repository: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação (RCAAP) |
Record timestamps: | 2022-08-16T20:49:45Z; 2024-03-19T21:18:25Z |