Md. Masudur Rahman

2 Papers

CR · Oct 31, 2019
Existence of Stack Overflow Vulnerabilities in Well-known Open Source Projects

Md. Masudur Rahman, B M Mainul Hossain

A stack overflow occurs when a program or process tries to store more data in a buffer (or stack) than it was intended to hold. If the affected program is running with special privileges or accepts data from untrusted network hosts (e.g. a web server), then it is a potential security vulnerability. By overflowing a stack, an attacker can corrupt the stack in such a way as to inject executable code into the running program and take control of the process. This is one of the easiest and more reliable methods for attackers to gain unauthorized access to a computer. In this paper, we show how stack overflow occurs and that many open source projects, such as Linux, Git, PHP, etc., contain code portions in which it is possible to overflow the stack as well as inject malicious script to harm the normal execution of the processes. In addition, this paper raises a concern to avoid writing such code that is a potential source of stack overflow attacks.

SE · May 8, 2017
Requirements Model for Cyber-Physical System

Md. Masudur Rahman, Naushin Nower

The development of a cyber-physical system (CPS) is a big challenge because of its complexity and its complex requirements. Especially in Requirements Engineering (RE), there exist many redundant and conflicting requirements. Eliminating conflicting requirements and merging redundant/common requirements is a challenging task at the elicitation phase in the requirements engineering process for CPS. Collecting and optimizing requirements through an appropriate process reduces both development time and cost, as every functional requirement gets refined and optimized at the very first stage (requirements elicitation phase) of the whole development process. Existing research has focused on requirements that have already been collected. However, none of the research has worked on how the requirements are collected and refined. This paper provides a requirements model for CPS that gives direction on how the requirements should be gathered, refined and clustered in order to develop the CPS independently. The paper also shows a case study about the application of the proposed model to a transport system.