Title: CLASSIFICATION AND MEASUREMENT ON C OVERFLOW VULNERABILITIES ATTACK

Issue Number: Vol. 1, No. 3
Year of Publication: Oct - 2011
Page Numbers: 652-664
Authors: Nurul Haszeli Ahmad, Syed Ahmad Aljunid, Jamalul-lail Ab Manan
Journal Name: International Journal of New Computer Architectures and their Applications (IJNCAA)
- Hong Kong

Abstract:


Since early 70s, software vulnerabilities have been classified and measured for various purposes including software assurance. Out of many software vulnerabilities, C vulnerabilities are the most common subject discussed, classified and measured. However, there are still gaps in those early works as C vulnerabilities still exist and reported by various security advisors. The most common and highly ranked is C overflow vulnerabilities. Therefore, we propose this taxonomy, which classified all existing overflow vulnerabilities including four vulnerabilities that have never been classified before. We also provide a guideline to identified and avoid these vulnerabilities from source code perspective. We ensure our taxonomy is constructed to meet the characteristics of well-defined taxonomy. We also evaluate our taxonomy by classifying various software security advisories and reports using our taxonomy. As a result, our taxonomy is complete and comprehensive, and hence, is a valuable reference to be used as part of software assurance processes.