期刊名称:International Journal of New Computer Architectures and their Applications
印刷版ISSN:2220-9085
出版年度:2011
卷号:1
期号:3
页码:652-664
出版社:Society of Digital Information and Wireless Communications
摘要:Since early 70s, softwarrrre vulnerabilities have been classified and measured for various purposes including software assurance. Out of many software vulnerabilities, C vulnerabilities are the most common subject discussed, classified and measured. However, there are still gaps in those early works as C vulnerabilities still exist and reported by various security advisors. The most common and highly ranked is C overflow vulnerabilities. Therefore, we propose this taxonomy, which classified all existing overflow vulnerabilities including four vulnerabilities that have never been classified before. We also provide a guideline to identified and avoid these vulnerabilities from source code perspective. We ensure our taxonomy is constructed to meet the characteristics of well-defined taxonomy. We also evaluate our taxonomy by classifying various software security advisories and reports using our taxonomy. As a result, our taxonomy is complete and comprehensive, and hence, is a valuable reference to be used as part of software assurance processes.
