A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities.
作者: Eric A. Brewer , Alexander Aiken , David A. Wagner , Jeffrey S. Foster
DOI:
关键词:
摘要: We describe a new technique for finding potential buffer overrun vulnerabilities in security-critical C code. The key to success is use static analysis: we formulate detection of overruns as an integer range analysis problem. One major advantage that security bugs can be eliminated before code deployed. have implemented our design and used prototype find remotely-exploitable large, widely deployed software package. An earlier hand audit missed
ndss-symposium.org
isoc.org
stanford.edu 参考文章(46)
Radhia Cousot, Patrick Cousot, Static determination of dynamic properties of programs Dunod. pp. 106- 130 ,(1976)
S. C. Johnson, Murray Hill, Lint, a C Program Checker ,(1978)
Nicolas Halbwachs, Yann -Eric Proy, Pascal Raymond, Verification of linear hybrid systems by means of convex approximations static analysis symposium. pp. 223- 237 ,(1994) , 10.1007/3-540-58485-4_43
Nicolas Halbwachs, Yann-Erick Proy, Patrick Roumanoff, Verification of Real-Time Systems using Linear Relation Analysis computer aided verification. ,vol. 11, pp. 157- 185 ,(1997) , 10.1023/A:1008678014487
Maria Handjieva, STAN: A Static Analyzer for CLP(R) Based on Abstract Interpretation static analysis symposium. pp. 383- 384 ,(1996)
Frederick Chi-Tak Chow, A portable machine-independent global optimizer--design and measurements Stanford University. ,(1984)
Utpal K. Banerjee, Dependence analysis for supercomputing ,(1988)
Alexander Aiken, Manuel Fähndrich, Jeffrey S. Foster, Zhendong Su, A Toolkit for Constructing Type- and Constraint-Based Program Analyses Lecture Notes in Computer Science. pp. 78- 96 ,(1998) , 10.1007/BFB0055513
Alexander Aiken, Set Constraints: Results, Applications, and Future Directions principles and practice of constraint programming. pp. 326- 335 ,(1994) , 10.1007/3-540-58601-6_110
Clark Verbrugge, Phong Co, Laurie Hendren, Generalized Constant Propagation a study in C Lecture Notes in Computer Science. pp. 74- 90 ,(1996) , 10.1007/3-540-61053-7_54