A source code perspective C overflow vulnerabilities exploit taxonomy based on well-defined criteria / Nurul Haszeli Ahmad

Despite various works for more than three decades , C overflow vulnerabilities is still a major security issue, as it has contributed to more than 30% of all recorded vulnerabilities and has been the root cause of many successful exploits. One of the main causes lies in the C software developers themselves, who inadvertently introduced these vulnerabilities due to their lack of understanding of vulnerabilities being the security loophole. To educate them, researchers have constructed C overflow vulnerabilities taxonomies. However, most of these taxonomies are memory based, focuses on symptoms upon vulnerability triggered and did not describe the appearance of vulnerabilities in coding, which subsequently, prevented software developers from understanding the vulnerabilities and writing safe codes. There were also works done previously on source code-based taxonomies but they were too broad with ambiguous classes and failed to describe clearly from software developers point of view. Currently, there is no source code-based taxonomy constructed with criteria of well-defined taxonomy resulting in difficulty to apply taxonomy as foundation and references in writing secure codes. Therefore, the objective of this research is to construct a well-defined C overflow vulnerabilities exploit taxonomy from source code perspective. To achieve that, reviews on numerous reports, advisories and publications related to C overflow vulnerabilities, analysis methods and tools, and relevant classifications and taxonomies were meticulously performed. It was followed by reclassification of well-defined criteria, which was used to construct C overflow vulnerabilities exploit taxonomy from source code perspective. The taxonomy was then evaluated for both relevancy against well-defined criteria and as well as the effectiveness of static analysis tools. The results suggested that the taxonomy facilitates the understanding of software developers in classifying and detecting C overflow vulnerabilities and the selected five static analysis tools require further improvement to enable the tools to detect from three to four classes to all available C overflow vulnerabilities classes. The significances of this study are the constructed well-defined taxonomy of C overflow vulnerabilities exploits consisting of 10 classes with three new classified classes; i.e. Memory Functions, Variable Type Conversion and Pointer Scaling/Mixing, and methods to evaluate taxonomy in accordance to well-defined criteria.