ARMORY: An automatic security testing tool for buffer overflow defect detection

• Published in: Computers & electrical engineering Vol. 39; no. 7; pp. 2233 - 2242
• Main Authors: Chen, Li-Han, Hsu, Fu-Hau, Hwang, Yanling, Su, Mu-Chun, Ku, Wei-Shinn, Chang, Chi-Hsuan
• Format: Journal Article
• Language: English
• Published: Elsevier Ltd 01.10.2013
• Subjects: Buffers; Computer information security; Computer programs; Defects; Finishes; Software; Source code
• ISSN: 0045-7906; 1879-0755
• DOI: 10.1016/j.compeleceng.2012.07.005

[Display omitted] ► ARMORY detects buffer overflow defects automatically inside kernel. ► It classifies three types of buffer overflow defects: L2S, LOOP, and FISSION. ► It does not need any attack instance, any training phase, and source code. Program Buffer Overflow Defects (PBODs) are the stepping stones of Buffer Overflow Attacks (BOAs), which are one of the most dangerous security threats to the Internet. In this paper, we propose a kernel-based security testing tool, named ARMORY, for software engineers to detect PBODs automatically when they apply all kinds of testing, especially functional testing and unit testing, without increasing the testing workload. Besides, ARMORY does not need any attack instance, any training phase, or source code to finish its security testing. ARMORY can detect unknown PBODs. ARMORY not only can improve software quality, but also can reduce the amount of system resources used to protect a system. We implemented ARMORY in Linux kernel by modifying sys_read() system call and entry. S which deals all system call. Experimental results show that ARMORY can automatically detect PBODs when programmers test the functionality of their programs.