Vis enkel innførsel

Source Code Patterns of Buffer Overflow Vulnerabilities in Firefox

dc.contributor.authorSchuckert, Felix
dc.contributor.authorHildner, Max
dc.contributor.authorKatt, Basel
dc.contributor.authorLangweg, Hanno
dc.date.accessioned2019-03-22T12:24:55Z
dc.date.available2019-03-22T12:24:55Z
dc.date.created2019-01-09T16:34:21Z
dc.date.issued2018
dc.identifier.isbn978-3-88579-675-6
dc.identifier.urihttp://hdl.handle.net/11250/2591307
dc.description.abstractWe investigated 50 randomly selected buffer overflow vulnerabilities in Firefox. The source code of these vulnerabilities and the corresponding patches were manually reviewed and patterns were identified. Our main contribution are taxonomies of errors, sinks and fixes seen from a developer's point of view. The results are compared to the CWE taxonomy with an emphasis on vulnerability details. Additionally, some ideas are presented on how the taxonomy could be used to improve the software security education.nb_NO
dc.language.isoengnb_NO
dc.publisherGesellschaft für Informationnb_NO
dc.relation.ispartofSICHERHEIT 2018
dc.rightsNavngivelse-DelPåSammeVilkår 4.0 Internasjonal*
dc.rights.urihttp://creativecommons.org/licenses/by-sa/4.0/deed.no*
dc.titleSource Code Patterns of Buffer Overflow Vulnerabilities in Firefoxnb_NO
dc.typeChapternb_NO
dc.description.versionpublishedVersionnb_NO
dc.source.pagenumber107-118nb_NO
dc.identifier.doi10.18420/sicherheit2018_08
dc.identifier.cristin1653561
dc.description.localcodeUnder an attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.nb_NO
cristin.unitcode194,63,30,0
cristin.unitnameInstitutt for informasjonssikkerhet og kommunikasjonsteknologi
cristin.ispublishedtrue
cristin.fulltextoriginal


Tilhørende fil(er)

Thumbnail
Filnavn:
sicherheit2018-08.pdf
Størrelse:
244.6Kb
Format:
PDF
Beskrivelse:
Schuckert
Åpne

Denne innførselen finnes i følgende samling(er)

Vis enkel innførsel

Navngivelse-DelPåSammeVilkår 4.0 Internasjonal
Med mindre annet er angitt, så er denne innførselen lisensiert som Navngivelse-DelPåSammeVilkår 4.0 Internasjonal