期刊名称:International Journal of Software Engineering and Its Applications
印刷版ISSN:1738-9984
出版年度:2014
卷号:8
期号:8
页码:171-180
DOI:10.14257/ijseia.2014.8.8,16
出版社:SERSC
摘要:Regardless that the classic buffer overflow is a known and simple threat against software systems; security agencies still consider this threat as one of the most common software vulnerabilities. Aiming to increasing security resistance against this software threat, emphasize on software design phase is highly reasonable where cost and time required for fixing error in design level is several times lesser than coding or implementation levels. In this purpose, we use the Attack-based security analysis model for tracking and mitigating the classic buffer overflow during the software design phase. Through this model, we use known properties and behaviors of the buffer overflow to determine system vulnerabilities and address required security aspects. In this paper, we describe how to apply the Attack-based security analysis model for increasing security resistance against the classic buffer overflow. The main contribution of this work refers to showing capability of the Attack-based security analysis model in tracking and mitigating the classic buffer overflow into the software design phase in such a way that additional cost and time are not required for system analyzing and defining threat scenario.
