The Value Proposition for Assurance of JPL Systems

Port, Dan; Wilf, Joel

doi:10.1016/j.procs.2014.03.049

Cited by 6 publications

(1 citation statement)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, a category such as "Buffer overflow" represents different CWE entries that describe the type of buffer overflow (e.g., CWE-121 Stack-based buffer overflow, CWE-190 Integer overflow, etc). Therefore, we used security model categories in accordance with the "Center for Assured Software 2011" to generate a security model as part of a more general software quality model [35]. This security model facilitates interpretation of the Juliet test set results and thereby provides a connection between generic descriptions of software security attributes and specific software analysis approaches.…”

Section: Empirical Evaluation Of the Test-suitementioning

confidence: 99%

Automatic Prevention of Buffer Overflow Vulnerability Using Candidate Code Generation

Jang

Choi²

2018

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

The security of a software program critically depends on the prevention of vulnerabilities in the source code; however, conventional computer programs lack the ability to identify vulnerable code in another program. Our research was aimed at developing a technique capable of generating substitution code for the detection of buffer overflow vulnerability in C/C++ programs. The technique automatically verifies and sanitizes code instrumentation by comparing the result of each candidate variable with that expected from the input data. Our results showed that statements containing buffer overflow vulnerabilities could be detected and prevented by using a substitution variable and by sanitizing code vulnerabilities based on the size of the variables. Thus, faults can be detected prior to execution of the statement, preventing malicious access. Our approach is particularly useful for enhancing software security monitoring, and for designing retrofitting techniques in applications.

show abstract

Section: Empirical Evaluation Of the Test-suitementioning

confidence: 99%