http://dx.doi.org/10.15207/JKCS.2021.12.1.011

Implementing a Fuzzing Agent to Detect Buffer Overflow Vulnerability

Kim, Bong-Han (Major of Digital Security, CheongJu University)
Publication Information
Journal of the Korea Convergence Society / v.12, no.1, 2021, pp. 11-17
Abstract
If software connected to a network contains a vulnerability that can be used to obtain a user's privileges, a remote attacker could gain the privilege to use the computer. In addition, in a user environment where a specific series of operating systems is widely used, a problem in that operating system can cause considerable damage. In particular, if the error is a security vulnerability, it can be a very big problem. Various studies have been conducted to find and respond to vulnerabilities in such situations. Among the various security technologies, fuzzing is one of the most effective for finding errors in software. In this paper, I designed and implemented a fuzzing agent that can detect buffer overflow vulnerabilities that can occur in various applications. Through this fuzzing agent, application developers will be able to discover and fix vulnerabilities in their own applications and so realize a more secure computing environment.
Keywords
Convergence Security; Buffer Overflow; Fuzzing; Vulnerability; Agent; Application