Practical Verification & Safeguard Tools for C/C++

Authors: F. Michaud, R. Carbone

Keywords: Programming language, Best practice, Safeguard, Test case, Imperative programming, Computer programming, Software, Software verification, Computer science, System programming, Software engineering

Abstract: This document is the final report of an activity that took place in 2005-2006. The goal of this project was first to identify common software defects related to the use of the C and C++ programming languages. Errors and vulnerabilities created by these defects were also investigated, so that meaningful test cases could be created for the evaluation of best-of-breed automatic verification tools. Finally, when relevant, best practices inferred from our experiments with

References (9)
Andreas Thuemmel, Analysis of Format String Bugs. (2001)
J. Heffley, P. Meunier, Can source code auditing software identify common vulnerabilities and be used to evaluate software security. Hawaii International Conference on System Sciences, vol. 10, pp. 90277-90277 (2004), 10.1109/HICSS.2004.1265654
Emery D. Berger, Benjamin G. Zorn, DieHard. ACM SIGPLAN Notices, vol. 41, pp. 158-168 (2006), 10.1145/1133255.1134000
J. Viega, J.T. Bloch, Y. Kohno, G. McGraw, ITS4: a static vulnerability scanner for C and C++ code. Annual Computer Security Applications Conference, pp. 257-267 (2000), 10.1109/ACSAC.2000.898880
A. Avizienis, J.-C. Laprie, B. Randell, C. Landwehr, Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing, vol. 1, pp. 11-33 (2004), 10.1109/TDSC.2004.2
D. Evans, D. Larochelle, Improving security using extensible lightweight static analysis. IEEE Software, vol. 19, pp. 42-51 (2002), 10.1109/52.976940
Mariam Kamkar, John Wilander, A Comparison of Publicly Available Tools for Static Intrusion Prevention. 7th Nordic Workshop on Secure IT Systems, "Towards Secure and Privacy-Enhanced Systems", 7-8 November 2002, Karlstad University, Sweden, pp. 68- (2002)
Vladimir L. Kiriansky, Secure execution environment via program shepherding. Massachusetts Institute of Technology (2003)