Classifying Memory Bugs Using Bugs Framework Approach
Published
Author(s)
Irena Bojanova, Carlos Galhardo
Abstract
In this work, we present an orthogonal classification of memory corruption bugs, allowing precise structured descriptions of related software vulnerabilities. The Common Weakness Enumeration (CWE) is a well-known and used list of software weaknesses. However, its exhaustive list approach is prone to gaps and overlaps in coverage. Instead, we utilize the Bugs Framework (BF) approach to define language-independent classes that cover all possible kinds of memory corruption bugs. Each class is a taxonomic category of a weakness type, defined by sets of operations, cause→consequence relations, and attributes. A BF description of a bug or a weakness is an instance of a taxonomic BF class, with one operation, one cause, one consequence, and their attributes. Any memory vulnerability can then be described as a chain of such instances and their consequence–cause transitions. We showcase that BF is a classification system that extends the CWE, providing a structured way to precisely describe real-world vulnerabilities. It allows clear communication about software bugs and weaknesses and can help identify exploit mitigation techniques.
Proceedings Title
2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC)
Bojanova, I. and Galhardo, C. (2021), Classifying Memory Bugs Using Bugs Framework Approach, 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC), All Virtual, MD, US, [online], https://doi.org/10.1109/COMPSAC51774.2021.00159, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=930038 (Accessed October 11, 2024)