A Detection and Correction Approach for Overflow Vulnerabilities in Graphical User Interfaces

Abstract

The objective of this thesis is to propose an approach for detecting overflow vulnerabilities such as buffer and boundary overflows by using static analysis and correcting these vulnerabilities by applying a correction mechanism which uses static code insertion. GUI is tested by specifying user interface requirements and converting this specification into an event-sequence model. Decision table notion is used for modeling the dependencies and boundary restrictions on input data and generating test cases. The test cases are applied to the GUI as inputs manually in real environment. The faults are observed. Then, the overflow vulnerability analysis tool is used to analyze the source code of the program. The deficiencies related to overflow vulnerabilities are found by static analysis. After that, the correction mechanism is applied to the deficient parts of the source code. The software is tested in real environment again. The proposed approach is observed to be successful for detecting and correcting overflow vulnerabilities in GUIs.