Auditing buffer overflow vulnerabilities using program analysis and data mining techniques
This thesis presents approaches for auditing Buffer Overflow (BO) vulnerabilities, one of the highly prevalent and dangerous vulnerabilities from source code as well as x86 executables. While many approaches exist in literature that help in mitigating them, continuous presence of BO bugs in vulnerab...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Theses and Dissertations |
| Language: | English |
| Published: |
2016
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/68915 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-68915 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-689152023-07-04T17:29:00Z Auditing buffer overflow vulnerabilities using program analysis and data mining techniques Bindu Madhavi Padmanabhuni Tan Hee Beng Kuan School of Electrical and Electronic Engineering DRNTU::Engineering::Computer science and engineering::Information systems This thesis presents approaches for auditing Buffer Overflow (BO) vulnerabilities, one of the highly prevalent and dangerous vulnerabilities from source code as well as x86 executables. While many approaches exist in literature that help in mitigating them, continuous presence of BO bugs in vulnerability reports suggests possible limitations in existing approaches or difficulty in their adoption. Therefore, alternative solutions which are effective and easy-to-use are needed to comprehensively address them. It is also imperative to devise mechanisms for auditing BO bugs from executables. Based on these observations, in this thesis, we propose three novel approaches for auditing BO vulnerabilities namely: test case generation, hybrid auditing methodology using static-dynamic analysis and machine learning for addressing vulnerabilities in source code and vulnerability prediction using static code attributes for predicting bugs in x86 executables. The thesis also evaluates the proposed approaches and demonstrates that they are useful and effective. DOCTOR OF PHILOSOPHY (EEE) 2016-08-01T01:22:13Z 2016-08-01T01:22:13Z 2016 Thesis Padmanabhuni, B. M. (2016). Auditing buffer overflow vulnerabilities using program analysis and data mining techniques. Doctoral thesis, Nanyang Technological University, Singapore. https://hdl.handle.net/10356/68915 10.32657/10356/68915 en 177 p. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
DRNTU::Engineering::Computer science and engineering::Information systems |
| spellingShingle |
DRNTU::Engineering::Computer science and engineering::Information systems Bindu Madhavi Padmanabhuni Auditing buffer overflow vulnerabilities using program analysis and data mining techniques |
| description |
This thesis presents approaches for auditing Buffer Overflow (BO) vulnerabilities, one of the highly prevalent and dangerous vulnerabilities from source code as well as x86 executables. While many approaches exist in literature that help in mitigating them, continuous presence of BO bugs in vulnerability reports suggests possible limitations in existing approaches or difficulty in their adoption. Therefore, alternative solutions which are effective and easy-to-use are needed to comprehensively address them. It is also imperative to devise mechanisms for auditing BO bugs from executables. Based on these observations, in this thesis, we propose three novel approaches for auditing BO vulnerabilities namely: test case generation, hybrid auditing methodology using static-dynamic analysis and machine learning for addressing vulnerabilities in source code and vulnerability prediction using static code attributes for predicting bugs in x86 executables. The thesis also evaluates the proposed approaches and demonstrates that they are useful and effective. |
| author2 |
Tan Hee Beng Kuan |
| author_facet |
Tan Hee Beng Kuan Bindu Madhavi Padmanabhuni |
| format |
Theses and Dissertations |
| author |
Bindu Madhavi Padmanabhuni |
| author_sort |
Bindu Madhavi Padmanabhuni |
| title |
Auditing buffer overflow vulnerabilities using program analysis and data mining techniques |
| title_short |
Auditing buffer overflow vulnerabilities using program analysis and data mining techniques |
| title_full |
Auditing buffer overflow vulnerabilities using program analysis and data mining techniques |
| title_fullStr |
Auditing buffer overflow vulnerabilities using program analysis and data mining techniques |
| title_full_unstemmed |
Auditing buffer overflow vulnerabilities using program analysis and data mining techniques |
| title_sort |
auditing buffer overflow vulnerabilities using program analysis and data mining techniques |
| publishDate |
2016 |
| url |
https://hdl.handle.net/10356/68915 |
| _version_ |
1772827044214734848 |