
dc.contributor.author: Schuckert, Felix
dc.contributor.author: Hildner, Max
dc.contributor.author: Katt, Basel
dc.contributor.author: Langweg, Hanno
dc.contributor.editor: Langweg, Hanno
dc.contributor.editor: Meier, Michael
dc.contributor.editor: Witt, Bernhard C.
dc.contributor.editor: Reinhardt, Delphine
dc.date.accessioned: 2018-03-22T12:40:43Z
dc.date.available: 2018-03-22T12:40:43Z
dc.date.issued: 2018
dc.identifier.isbn: 978-3-88579-675-6
dc.identifier.issn: 1617-5468
dc.identifier.uri: http://dl.gi.de/handle/20.500.12116/16298
dc.description.abstract: We investigated 50 randomly selected buffer overflow vulnerabilities in Firefox. The source code of these vulnerabilities and the corresponding patches were manually reviewed and patterns were identified. Our main contributions are taxonomies of errors, sinks and fixes seen from a developer's point of view. The results are compared to the CWE taxonomy with an emphasis on vulnerability details. Additionally, some ideas are presented on how the taxonomy could be used to improve software security education. (language: en)
dc.language.iso: en
dc.publisher: Gesellschaft für Informatik e.V.
dc.relation.ispartof: SICHERHEIT 2018
dc.relation.ispartofseries: Lecture Notes in Informatics (LNI) - Proceedings, Volume P-281
dc.subject: Buffer Overflow
dc.subject: Source Code Patterns
dc.subject: Vulnerabilities
dc.subject: Code Analysis
dc.title: Source Code Patterns of Buffer Overflow Vulnerabilities in Firefox (language: en)
dc.type: Text/Conference Paper
dc.pubPlace: Bonn
mci.reference.pages: 107-118
mci.conference.sessiontitle: Wissenschaftliche Beiträge
mci.conference.location: Konstanz, Germany
mci.conference.date: 25.-27. April 2018
dc.identifier.doi: 10.18420/sicherheit2018_08

