RESEARCH ON BUFFER OVERFLOW ATTACK EFFECT EVALUATION TECHNOLOGY

Wang Bing-bing, Xia Qun-feng

ABSTRACT: Buffer overflow is a very common security vulnerability with serious consequences. Attack effect evaluation plays an important role in software security assessment. Proceeding from two aspects, the buffer overflow attack itself and the bypass of the security mechanism, this paper presents a method for evaluating the effect of buffer overflow attacks. An evaluation index system is proposed, based mainly on the process of obtaining the authority, the level of the permissions and the stability of the authority. The gray evaluation model is adopted to assess the evaluation criteria, and a numerical calculation method for the attack effect is then given. Experimental analysis shows that this method can evaluate the attack effect both qualitatively and quantitatively.

Keywords: Buffer overflow, Attack effect evaluation, Index system, Gray assessment model