
Publication Citation: A Basic CWE-121 Buffer Overflow Effectiveness Test Suite


Author(s): Paul E. Black; Hsiao-Ming M. Koo; Thomas F. Irish
Title: A Basic CWE-121 Buffer Overflow Effectiveness Test Suite
Published: April 01, 2013
Abstract: Phase 3 of MITRE's Common Weakness Enumeration (CWE) Compatibility and Effectiveness program allows a customer to understand how effective a software assurance tool is at finding weaknesses and which code complexities it handles. Phase 3 is based on suites of test programs, but gives no criteria for how many programs are needed, their nature, how effectiveness is defined, or other details. We recommend principles for selecting a test suite for CWE effectiveness, and present a basic effectiveness test suite in C for CWE-121 (Stack-based Buffer Overflow). For transparency we also document the steps we took in developing it. Finally, we suggest future work, including code complexities.
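An effectiveness suite of the kind the abstract describes is built from small C programs, each labelled with whether the weakness is present and where, so that a tool's reports can be scored as true findings, misses or false positives. The block below is an added illustration of one such pairing for CWE-121, written by the editor; it is not taken from the paper's suite, and the function names, the 16-byte buffer, the `limit_for` helper and the constructed inputs are assumptions. It shows a "bad" variant (unbounded `strcpy` into a stack buffer), its "good" counterpart (bounded copy), and the same weakness hidden behind a simple code complexity (the bound is computed in another function), which is the sort of variation the abstract's "code complexities" refers to.

```c
/* Added illustration of a paired CWE-121 test case. Not the paper's suite;
 * names, sizes and inputs below are the editor's assumptions. */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Constructed inputs: one that fits the buffer, one that does not. */
#define SHORT_INPUT "hello"
#define LONG_INPUT  "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" /* 40 bytes */

/* Ground truth a suite records next to each program: does this input make
 * the bad variant write past its buffer? (Editor's helper, not a finding.) */
int cwe121_input_overflows(const char *src)
{
    return strlen(src) + 1 > BUF_SIZE;
}

/* "bad" variant: CWE-121. Unbounded strcpy() into a fixed-size stack buffer.
 * Any src of BUF_SIZE or more bytes writes past buf. A tool should flag the
 * marked line. The stand-alone main() only calls it with SHORT_INPUT so the
 * illustration itself stays within defined behaviour. */
size_t cwe121_bad(const char *src)
{
    char buf[BUF_SIZE];
    strcpy(buf, src);            /* <-- weakness: no bound on the copy */
    return strlen(buf);
}

/* "good" variant: the same copy, bounded by the destination size and
 * explicitly NUL-terminated. A report here is a false positive. */
size_t cwe121_good(const char *src)
{
    char buf[BUF_SIZE];
    size_t n = strlen(src);
    if (n > BUF_SIZE - 1)
        n = BUF_SIZE - 1;        /* truncate rather than overflow */
    memcpy(buf, src, n);
    buf[n] = '\0';
    return strlen(buf);
}

/* Code complexity: the bound comes from a separate function and is wrong
 * (it is the source length, not the destination size). Finding this
 * requires following the value across the call. */
static size_t limit_for(const char *src)
{
    return strlen(src);
}

size_t cwe121_bad_interprocedural(const char *src)
{
    char buf[BUF_SIZE];
    size_t n = limit_for(src);   /* looks bounded, but the bound is wrong */
    memcpy(buf, src, n);         /* <-- weakness when n >= BUF_SIZE */
    buf[n] = '\0';
    return strlen(buf);
}

int main(void)
{
    printf("short input overflows bad variant? %d\n", cwe121_input_overflows(SHORT_INPUT));
    printf("long  input overflows bad variant? %d\n", cwe121_input_overflows(LONG_INPUT));
    printf("good variant keeps %zu of %zu bytes\n", cwe121_good(LONG_INPUT), strlen(LONG_INPUT));
    /* cwe121_bad(LONG_INPUT) is deliberately not executed: it would corrupt the stack. */
    printf("bad variant on short input copies %zu bytes\n", cwe121_bad(SHORT_INPUT));
    return 0;
}
```

The expected result for each program in a real suite is the label (weakness present or absent, and at which line), not the program's output; here `cwe121_input_overflows` stands in for that label so the illustration can be checked without executing the overflow.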
Conference: 6th Latin-American Symposium on Dependable Computing
Proceedings: Proc. 6th Latin-American Symposium on Dependable Computing
Location: Rio de Janeiro, Brazil
Dates: April 1-5, 2013
Keywords: software assurance, common weakness enumeration (CWE), static source code analysis
Research Areas: Software Testing Metrics
PDF version: PDF document (603 KB)