Name
Abstract | ||
|---|---|---|
Software researchers have already developed static code security checkers to parse through and scan source code files, looking for security vulnerabilities [8, 9]. What about executable files? Can these files also be statically checked for security weaknesses such as buffer overflows? We have created a methodology that uses information located in the headers, sections, and tables of a Windows NT/XP executable file, along with information derived from the overall contents of the file, as a means to detect specific anomalies and software security vulnerabilities without having to disassemble the code. In addition, we have instantiated this methodology in a software utility program called findssv that automatically performs this static analysis.We tested findssv on six categories of files: executable installation files, software development files, Windows XP operating system files, Microsoft application files, security-centric applications files, and miscellaneous application files. Through the test results on over 2700 files, we show that findssv can detect 1) inconsistent table sizes, 2) large zero-filled regions of bytes, 3) unknown regions of bytes, 4) compressed files placed in a file, 5) sections that are both writable and executable, and 6) the use of functions susceptible to buffer overflow attacks. We also identify key vulnerability findings about the software in the six categories. |
Year | DOI | Venue |
|---|---|---|
2006 | 10.1145/1185448.1185570 | ACM Southeast Regional Conference 2005 |
Keywords | Field | DocType |
microsoft application file,executable installation file,software development file,software researcher,software utility program,static code security checker,executable file,security vulnerability,software security vulnerability,static analysis,security weakness,software development,source code,operating system,pe format,buffer overflow,software security | Codebase,Data,Source code,Computer science,Software security assurance,Data file,Database,Operating system,Portable Executable,Executable,Computer file | Conference |
ISBN | Citations | PageRank |
1-59593-315-8 | 5 | 0.62 |
References | Authors | |
2 | 2 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Jay-Evan J. Tevis | 1 | 14 | 1.75 |
| John A. Hamilton , Jr | 2 | 35 | 8.12 |