http://dx.doi.org/10.7236/JIWIT.2012.12.5.237

A Methodology for Security Vulnerability Assessment Process on Binary Code  

Hwang, Seong-Oun (Dept. of Computer & Information Communications Engineering, Hongik University)
Publication Information
The Journal of the Institute of Internet, Broadcasting and Communication / v.12, no.5, 2012, pp. 237-242
Abstract
Cyber attacks that exploit underlying vulnerabilities in the target software have increased rapidly. However, identifying and correcting these vulnerabilities are extremely difficult and time-consuming tasks. To address these problems efficiently, we propose in this paper a systematic methodology for the security vulnerability assessment process on binary code. Specifically, we first classified the existing vulnerabilities based on whether the target software runs in a Web environment and on the features of the software. Based on the classification, we determined the list and scope of the vulnerabilities. As a future research direction, we need to further refine and validate our methodology.
Keywords
Security Vulnerability; Security Analysis; Fuzzing; Tainting; Cyber Attack;