Skip to main content
Article
Information Assurance through Binary Vulnerability Auditing
Ohio Journal of Science
  • William B. Kimball
  • Saverio Perugini, University of Dayton
Document Type
Conference Paper
Publication Date
1-1-2006
Abstract
The goal of this research is to develop improved methods of discovering vulnerabilities in software. A large volume of software, from the most frequently used programs on a desktop computer, such as web browsers, e-mail programs, and word processing applications, to mission-critical services for the space shuttle, is unintentionally vulnerable to attacks and thus insecure. By seeking to improve the identification of vulnerabilities in software, the security community can save the time and money necessary to restore compromised computer systems. In addition, this research is imperative to activities of national security such as counterterrorism. The current approach involves a systematic and complete analysis of the low-level organization of software systems in stark contrast to existing approaches which are either ad-hoc or unable to identify all buffer overflow vulnerabilities. The scope of this project is to develop techniques for identifying buffer overflows in closed-source software where only the software’s executable code is available. These techniques use a comprehensive analysis of the software system’s flow of execution called binary vulnerability auditing. Techniques for binary vulnerability auditing are grounded in science and, while unproven, are more complete than traditional ad-hoc approaches. Since there are several attack vectors in software, this research will focus on buffer overflows, the most common class of vulnerability.
Inclusive pages
A-15
ISBN/ISSN
0030-0950
Document Version
Published Version
Comments

Abstracts only; papers published in a special issue on the 115th meeting of the Ohio Academy of Science, Dayton, Ohio, 2006.

Publisher
Ohio Academy of Science
Peer Reviewed
No
Citation Information
William B. Kimball and Saverio Perugini. "Information Assurance through Binary Vulnerability Auditing" Ohio Journal of Science Vol. 106 Iss. 1 (2006)
Available at: http://works.bepress.com/saverio_perugini/15/