Marple: a demand-driven path-sensitive buffer overflow detector

11 years 11 days ago
Marple: a demand-driven path-sensitive buffer overflow detector
Despite increasing efforts in detecting and managing software security vulnerabilities, the number of security attacks is still rising every year. As software becomes more complex, security vulnerabilities are more easily introduced into a system and more difficult to eliminate. Even though buffer overflow detection has been studied for more than 20 years, it is still the most commonly exploited vulnerability. In this paper, we develop a static analyzer for detecting and helping diagnose buffer overflows with the key idea of categorizing program paths as they relate to vulnerability. We combine path-sensitivity with a demand-driven analysis for precision and scalability. We first develop a vulnerability model for buffer overflow and then use the model in the development of the demand-driven path-sensitive analyzer. We detect and identify categories of paths including infeasible, safe, vulnerable, overflow-input-independent and don't-know. The categorization enables priorities to ...
Wei Le, Mary Lou Soffa
Added 20 Nov 2009
Updated 20 Nov 2009
Type Conference
Year 2008
Authors Wei Le, Mary Lou Soffa
Comments (0)