Document Type

Conference Paper

Publication Date

2006

Publication Source

Ohio Journal of Science

Abstract

The goal of this research is to develop improved methods of discovering vulnerabilities in software. A large volume of software, from the most frequently used programs on a desktop computer, such as web browsers, e-mail programs, and word processing applications, to mission-critical services for the space shuttle, is unintentionally vulnerable to attacks and thus insecure. By seeking to improve the identification of vulnerabilities in software, the security community can save the time and money necessary to restore compromised computer systems. In addition, this research is imperative to activities of national security such as counterterrorism. The current approach involves a systematic and complete analysis of the low-level organization of software systems in stark contrast to existing approaches which are either ad-hoc or unable to identify all buffer overflow vulnerabilities. The scope of this project is to develop techniques for identifying buffer overflows in closed-source software where only the software’s executable code is available. These techniques use a comprehensive analysis of the software system’s flow of execution called binary vulnerability auditing. Techniques for binary vulnerability auditing are grounded in science and, while unproven, are more complete than traditional ad-hoc approaches. Since there are several attack vectors in software, this research will focus on buffer overflows, the most common class of vulnerability.

Inclusive pages

A-15

ISBN/ISSN

0030-0950

Document Version

Published Version

Comments

Abstracts only; papers published in a special issue on the 115th meeting of the Ohio Academy of Science, Dayton, Ohio, 2006.

Publisher

Ohio Academy of Science

Volume

106

Peer Reviewed

no

Issue

1

Download

Share

COinS