本研究提出一全新的測試輔助工具以協助軟體工程師或程式測試員在測試程式的正確性時自動地偵測出程式中的緩衝區溢位錯誤。程式緩衝區溢位錯誤(Program Buffer Overflow Bugs, PBOB)是緩衝區溢位攻擊的踏腳石,而緩衝區溢位攻擊是已知的電腦與網路攻擊方式中最危險的一種。Internet Worms便是透過此類程式錯誤在網際網路上繁殖,此外通常這一類攻擊的最終結果就是攻擊者取得被攻擊主機的超級使用者權限。當一程式輸入字串的長度大於接收緩衝區的長度而程式設計師亦沒有對多餘的字串做處理,則程式緩衝區溢位錯誤便會產生。雖然就像其他的程式錯誤一樣,程式緩衝區溢位錯誤也是程式錯誤的一種。但比較特別的是,程式緩衝區溢位錯誤不但不易偵測,也很難避免,且有非常危險的後遺症。通常若非執行一充分完整的程式測試,是很難發現程式內的程式緩衝區溢位錯誤。然而一個充分完整的程式測試通常亦是一個極費力且費時的工作。由於縮短產品開發時間是大部份軟體公司的主要考慮,這一類的測試工作通常被忽略。此外,訓練一位能夠撰寫上萬行程式碼卻不含任何程式緩衝區溢位錯誤的程式設計師,亦是一不可能的任務。畢竟犯錯是人類的天性。因此發展一全新的輔助測試工具以協助軟體工程師自動地偵測程式中的緩衝區溢位錯誤便成為一刻不容緩的重要議題。 In this paper we propose a new type of auxiliary examining tool to support software engineer or test Engineer detects the buffer overflow error in program automatically when testing the correctness of a program. Program Buffer Overflow Bug,(PBOB) is a stepping stone of buffer overflow attacks which is the one of most dangerous known attacks. Internet Worms spreads on Internet Networks via such bugs. Usually, The result of BOF attacks is getting the root privilege from the attacked host. The BOF Bug is produced When the length of a input string in program greater than the length of receive buffer, and the programmer do not deal with the redundant string. Dissimilar to the other program errors, Program Buffer Overflow Bug is not only difficult to detect and evade, but also has very high risky sequela. Program Buffer Overflow Bug in program can be discovered unless execute a complete program testing, and which is time-consuming and laborious. Such works always are neglected due to the major element of consideration from software companies – decrease the building time of products. Otherwise, training a programmer with perfect programming manner is impossible. Consequently, developing an innovative auxiliary examining tool to detect the buffer overflow error in program automatically demands immediate attention.
