Classifying Memory Bugs Using Bugs Framework Approach

Published

Author(s)

Irena Bojanova, Carlos Galhardo

Abstract

In this work, we present an orthogonal classification of memory corruption bugs, allowing precise structured descriptions of related software vulnerabilities. The Common Weakness Enumeration (CWE) is a well-known and widely used list of software weaknesses. However, its exhaustive-list approach is prone to gaps and overlaps in coverage. Instead, we utilize the Bugs Framework (BF) approach to define language-independent classes that cover all possible kinds of memory corruption bugs. Each class is a taxonomic category of a weakness type, defined by sets of operations, cause→consequence relations, and attributes. A BF description of a bug or a weakness is an instance of a taxonomic BF class, with one operation, one cause, one consequence, and their attributes. Any memory vulnerability can then be described as a chain of such instances and their consequence–cause transitions. We showcase that BF is a classification system that extends the CWE, providing a structured way to precisely describe real-world vulnerabilities. It allows clear communication about software bugs and weaknesses and can help identify exploit mitigation techniques.
Proceedings Title
2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC)
Conference Dates
July 12-16, 2021
Conference Location
All Virtual, MD, US

Keywords

bug classification, bug taxonomy, software vulnerability, software weakness, memory corruption

Citation

Bojanova, I. and Galhardo, C. (2021), Classifying Memory Bugs Using Bugs Framework Approach, 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC), All Virtual, MD, US, [online], https://doi.org/10.1109/COMPSAC51774.2021.00159, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=930038 (Accessed January 24, 2022)
Created September 9, 2021, Updated January 10, 2022