Improving security using extensible lightweight static analysis

Authors: D. Evans, D. Larochelle

DOI: 10.1109/52.976940

Keywords:

Abstract: Most security attacks exploit instances of well-known classes of implementation flaws. Developers could detect and eliminate many of these flaws before deploying the software, yet the problems persist with disturbing frequency, not because the community doesn't sufficiently understand them but because techniques for preventing them have not been integrated into the software development process. This article describes an extensible tool that uses lightweight static analysis to detect common vulnerabilities (including buffer overflows and format string vulnerabilities).

References (18)
Eric A. Brewer, David Wagner, Ian Goldberg, Randi Thomas. A secure environment for untrusted helper applications: confining the Wily Hacker. USENIX Security Symposium, pp. 1-1, 1996.
S. C. Johnson. Lint, a C Program Checker. Murray Hill, 1978.
Navjot Singh, Arash Baratloo, Timothy Tsai. Transparent run-time defense against stack smashing attacks. USENIX Annual Technical Conference, pp. 21-21, 2000.
John V. Guttag, David E. Evans. Policy-directed code safety. Massachusetts Institute of Technology, 2000.
David Wagner, Kunal Talwar, Jeffrey S. Foster, Umesh Shankar. Detecting format string vulnerabilities with type qualifiers. USENIX Security Symposium, pp. 16-16, 2001.
Eric A. Brewer, Alexander Aiken, David A. Wagner, Jeffrey S. Foster. A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities. Network and Distributed System Security Symposium, 2000.
David Santo Orcero. The Code Analyser LCLint. Linux Journal, vol. 2000, 2000.
Perry Wagle, Jonathan Walpole, Calton Pu, Steve Beattie, Aaron Grier, Crispin Cowan, Heather Hintony, Qian Zhang, Peat Bakke, Dave Maier. StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. USENIX Security Symposium, pp. 5-5, 1998.
David Evans. Static detection of dynamic memory errors. Proceedings of the ACM SIGPLAN 1996 Conference on Programming Language Design and Implementation (PLDI '96), vol. 31, pp. 44-53, 1996. DOI: 10.1145/231379.231389
G. Ramalingam. The undecidability of aliasing. ACM Transactions on Programming Languages and Systems, vol. 16, pp. 1467-1471, 1994. DOI: 10.1145/186025.186041