Source Code Patterns of Buffer Overflow Vulnerabilities in Firefox

We investigated 50 randomly selected buffer overflow vulnerabilities in Firefox. The source code of these vulnerabilities and the corresponding patches were manually reviewed and patterns were identified. Our main contribution are taxonomies of errors, sinks and fixes seen from a developer's point of view. The results are compared to the CWE taxonomy with an emphasis on vulnerability details. Additionally, some ideas are presented on how the taxonomy could be used to improve the software security education.

Schuckert, Felix; Hildner, Max; Katt, Basel; Langweg, Hanno (2018): Source Code Patterns of Buffer Overflow Vulnerabilities in Firefox. SICHERHEIT 2018. DOI: 10.18420/sicherheit2018_08. Bonn: Gesellschaft für Informatik e.V.. PISSN: 1617-5468. ISBN: 978-3-88579-675-6. pp. 107-118. Wissenschaftliche Beiträge. Konstanz, Germany. 25.-27. April 2018

Schlagwörter

Buffer Overflow , Source Code Patterns , Vulnerabilities , Code Analysis

DOI

10.18420/sicherheit2018_08

Sammlungen

P281 - Sicherheit 2018 - Sicherheit, Schutz und Zuverlässigkeit

Komplettanzeige

Source Code Patterns of Buffer Overflow Vulnerabilities in Firefox

Volltext URI

Dokumententyp

Dateien

Zusatzinformation

Datum

Autor:innen

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Quelle

Verlag

Zusammenfassung

Beschreibung

Schlagwörter

Zitierform

DOI

Tags

Sammlungen