ITS4: a static vulnerability scanner for C and C++ code

Authors: J. Viega, J.T. Bloch, Y. Kohno, G. McGraw

DOI: 10.1109/ACSAC.2000.898880

Abstract: … potentially unsafe constructs in C and C++ code. While we certainly would find such a tool … source code audit (as we believe many people do). The primary goal was to identify locations …

References (9)
William Landi, Barbara G. Ryder. A safe approximate algorithm for interprocedural pointer aliasing (with retrospective). Best of PLDI, pp. 473-489 (1992).
Matt Bishop. Writing Safe Setuid Programs (1999).
Ravi Sethi, Jeffrey D. Ullman, Alfred V. Aho. Compilers: Principles, Techniques, and Tools (1986).
Eric A. Brewer, Alexander Aiken, David A. Wagner, Jeffrey S. Foster. A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities. Network and Distributed System Security Symposium (2000).
Perry Wagle, Jonathan Walpole, Calton Pu, Steve Beattie, Aaron Grier, Crispin Cowan, Heather Hinton, Qian Zhang, Peat Bakke, Dave Maier. StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. USENIX Security Symposium, pp. 5-5 (1998).
Gene Spafford, Simson Garfinkel. Practical UNIX and Internet Security (1996).
David Evans, John Guttag, James Horning, Yang Meng Tan. LCLint. Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering - SIGSOFT '94, vol. 19, pp. 87-96 (1994). DOI: 10.1145/193173.195297
Andrew C. Myers. JFlow. Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages - POPL '99, pp. 228-241 (1999). DOI: 10.1145/292540.292561
Matt Bishop, Michael Dilger. Checking for Race Conditions in File Accesses. Computing Systems, vol. 2, pp. 131-152 (1996).