Buffer overrun detection using linear programming and static analysis

13 years 9 months ago

Download www.cs.rutgers.edu

This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as a linear program. We also present fast, scalable solvers based on linear programming, and demonstrate techniques to make the program analysis context sensitive. Based on these techniques, we built a prototype and used it to identify several vulnerabilities in popular security critical applications. Categories and Subject Descriptors

Vinod Ganapathy, Somesh Jha, David Chandler, David

Real-time Traffic

Buffer Overrun Vulnerabilities | CCS 2003 | Linear Program | Program Analysis Context | Security Privacy |

claim paper

» Program Analysis Probably Counts

» Inferring Channel Buffer Bounds Via Linear Programming

» Testing static analysis tools using exploitable buffer overflows from open source code

» Protecting C programs from attacks via invalid pointer dereferences

» Comparing lexical analysis tools for buffer overflow detection in network software

» Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Prog...

» Filtering false alarms of buffer overflow analysis using SMT solvers

» Modular Protections against Noncontrol Data Attacks

Post Info
More Details (n/a)

Added	06 Jul 2010
Updated	06 Jul 2010
Type	Conference
Year	2003
Where	CCS
Authors	Vinod Ganapathy, Somesh Jha, David Chandler, David Melski, David Vitek

Comments (0)

Sciweavers

Buffer overrun detection using linear programming and static analysis

Buffer Overrun Vulnerabilities | CCS 2003 | Linear Program | Program Analysis Context | Security Privacy |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers