Source Code Patterns of Buffer Overflow Vulnerabilities in Firefox
Abstract
We investigated 50 randomly selected buffer overflow vulnerabilities in Firefox. The source code of these vulnerabilities and the corresponding patches were manually reviewed and patterns were identified. Our main contributions are taxonomies of errors, sinks and fixes seen from a developer's point of view. The results are compared to the CWE taxonomy with an emphasis on vulnerability details. Additionally, some ideas are presented on how the taxonomy could be used to improve software security education.
Schuckert, F., Hildner, M., Katt, B. & Langweg, H. (2018). Source Code Patterns of Buffer Overflow Vulnerabilities in Firefox. In: Langweg, H., Meier, M., Witt, B. C. & Reinhardt, D. (Eds.), SICHERHEIT 2018. Bonn: Gesellschaft für Informatik e.V. (pp. 107-118). DOI: 10.18420/sicherheit2018_08
@inproceedings{mci/Schuckert2018,
author = {Schuckert, Felix AND Hildner, Max AND Katt, Basel AND Langweg, Hanno},
title = {Source Code Patterns of Buffer Overflow Vulnerabilities in Firefox},
booktitle = {SICHERHEIT 2018},
year = {2018},
editor = {Langweg, Hanno AND Meier, Michael AND Witt, Bernhard C. AND Reinhardt, Delphine} ,
pages = { 107-118 } ,
doi = { 10.18420/sicherheit2018_08 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}
Files | Size | Format | View | |
---|---|---|---|---|
sicherheit2018-08.pdf | 244.6Kb | View/ |
ISBN: 978-3-88579-675-6
ISSN: 1617-5468
Date: 2018
Language: (en)
Content Type: Text/Conference Paper