J4 ›› 2011, Vol. 46 ›› Issue (9): 43-47.

• Articles • Previous Articles     Next Articles

Design and implementation of component stack overflow vulnerability detection system

CHEN Jin-fu1,2, ZHANG Chao2, LU Yan-sheng2, WANG Huan-huan1   

  1. 1. School of Computer Science and Telecommunication Engineering, Jiangsu University,
     Zhenjiang 212013, Jiangsu, China; 2. School of Computer Science and Technology,
    Huazhong University of Science and Technology,Wuhan 430074, Hubei, China
  • Received:2010-05-19 Online:2011-09-20 Published:2011-09-08

Abstract:

Problems with buffer overflow security exposed by the COM component are more and more with the COM component technology widely used. The system CSDS (component stack overflow detecting system), which can detect buffer-overflow vulnerability of COM component, is designed and implemented in this paper. The CSDS system contains four modules, such as interface analysis module, function position module, stack-overflow static analysis module and result output module. The detail information of objects, interfaces and functions of the COM component is obtained through the interface analysis module. The linear address that the userwritten function corresponded in the assembly code of the component is analyzed and obtained through function position module. COM component assembly codes are implemented and stack-overflow vulnerability is analyzed through stackoverflow static analysis module. Test results can be expressed by the form of XML through result output module. The implemented prototype system CSDS has good effect on stack buffer-overflow vulnerability of the COM component.

Key words: COM component; buffer overflow vulnerability; static analysis; hazard function

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!