A New Detection Method for Stack Overflow Vulnerability Based on Component Binary Code for Third-Party Component

摘要

Security testing of Component Object Model (COM) is an active area of research in the software engineering community. This is partly due to the increase in security related issues (referred to as vulnerabilities) reported by users. Although many papers have been published on Component Object Model, very little attention has been paid to the detection of stack overflow vulnerability in software component. This paper presents a method to detect stack overflow vulnerability of binary code of a component. We first convert the buffer overflow problem as an integer constraints problem. We then scan the different buffers according to the types of risk function parameters to establish a function library for all the risks COM components. Finally, we compare the used buffer size and the declared buffer size to identify the stack overflow vulnerability. The experimental result shows that the proposed method is capable of detecting COM components' stack overflow vulnerability. The introduced SBOD (stack buffer overflow detection) algorithm is a promising direction to assist software engineers who seek to detect stack overflow vulnerability in order to improve software quality.