Statische und dynami... Studien- und Diploma... Statische und dynami...


Statische Analyseverfahren zur Unterstützung der Erkennung potentieller Pufferüberläufe



A number of existing security approaches make use of static analysis techniques for the purpose of supporting the early detection of potential buffer overflow vulnerabilities in source code written in C. Part of the work to be carried out in this Bachelor Thesis is to be devoted to a comparative analysis of a selection of such techniques (including a. o. Marple and CSSV) concerning their benefits and limitations, in particular evaluating in detail their capability in uncovering all real vulnerabilities and only those. Based on the results achieved during this preliminary investigation, one of these approaches is to be selected and implemented via an appropriate framework. Capabilities and limitations of the implemented tool in uncovering real buffer overflow vulnerabilities are finally to be illustrated by means of suitable examples.

Bearbeiter: Heiko Sonnernberg

Betreuer: M. Eng. Loui Al Sardy