%0 Journal Article
%T CLASSIFICATION AND MEASUREMENT ON C OVERFLOW VULNERABILITIES ATTACK
%A Nurul Haszeli Ahmad
%A Syed Ahmad Aljunid
%A Jamalul-lail Ab Manan
%J International Journal of New Computer Architectures and their Applications
%D 2011
%I Society of Digital Information and Wireless Communications
%X Since the early 70s, software vulnerabilities have been classified and measured for various purposes, including software assurance. Out of many software vulnerabilities, C vulnerabilities are the most commonly discussed, classified and measured. However, there are still gaps in those early works, as C vulnerabilities still exist and are reported by various security advisors. The most common and highly ranked are C overflow vulnerabilities. Therefore, we propose this taxonomy, which classifies all existing overflow vulnerabilities, including four vulnerabilities that have never been classified before. We also provide a guideline to identify and avoid these vulnerabilities from a source code perspective. We ensure our taxonomy is constructed to meet the characteristics of a well-defined taxonomy. We also evaluate our taxonomy by classifying various software security advisories and reports using our taxonomy. As a result, our taxonomy is complete and comprehensive, and hence is a valuable reference to be used as part of software assurance processes.
%U http://sdiwc.net/digital-library/web-admin/upload-pdf/00000055.pdf