Static analysis for security

IEEE Security and Privacy

Volumn 2, Issue 6, 2004, Pages 76-79

  Chess, Brian ^a   Mcgraw, Gary ^a  

^a Fortify Software ^*  (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ABSTRACT SYNTAX TREE (AST); LEXICAL ANALYSIS TOOLS; MODULE-LEVEL ANALYSIS; STATIC ANALYSIS;

COMPUTER ARCHITECTURE; COMPUTER PROGRAMMING; COMPUTER SOFTWARE; MATHEMATICAL MODELS; RISK ASSESSMENT; SEMANTICS; SOFTWARE ENGINEERING; SPECIFICATIONS; TREES (MATHEMATICS);

SECURITY OF DATA;

EID: 10944267118     PISSN: 15407993     EISSN: None     Source Type: Journal    
DOI: 10.1109/MSP.2004.111     Document Type: Review

References (13)

1. D. Verndon and G. McGraw. "Risk Analysis in Software Design," IEEE Security & Privacy, vol. 2, no. 5, 2004, pp. 79-84.
2. G. McGraw, "Software Security," IEEE Security & Privacy, vol. 2, no. 2, 2004, pp. 80-83.
3. M. Bishop and M. Dilger, "Checking for Race Conditions in File Accesses," Computing Systems, vol. 9, no. 2, 1996, pp. 131-152.
4. D. Wagner et al., "A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities," Proc. 7th Network and Distributed System Security Symp. (NDSS 00), Internet Soc., 2000, pp. 3-17.
5. J. Foster, T. Terauchi, and A. Aiken, "Flow-Sensitive Type Qualifiers," Proc. ACM Conf. Programming Language Design and Implementation (PLDI 02), ACM Press, 2002, pp. 1-12.
6. K. Ashcraft and D. Engler, "Using Programmer-Written Compiler Extensions to Catch Security Holes," Proc. IEEE Symp. Security and Privacy, IEEE CS Press, 2002, pp. 131-147.
7. B. Chess, "Improving Computer Security using Extended Static Checking," Proc. IEEE Symp. Security and Privacy, IEEE CS Press, 2002, pp. 118-130.
8. H. Chen and D. Wagner, "MOPS: An Infrastructure for Examining Security Properties of Software," Proc. 9th ACM Conf. Computer and Communications Security (CCS 02), ACM Press, 2002, pp. 235-244.
9. D. Larochelle and D. Evans, "Statically Detecting Likely Buffer Overflow Vulnerabilities," Proc. 10th Usenix Security Symp. (Usenix 01), Usenix Assoc., 2001, pp. 177-189.
10. M. Das, S. Lerner, and M. Seigle, "ESP: Path-Sensitive Program Verification in Polynomial Time," Proc. ACM Conf. Programming Language Design and Implementation (PLDI 02), ACM Press, 2002, pp. 57-68.
11. T. Ball and S.K. Rajamani, "Automatically Validating Temporal Safety Properties of Interfaces," Proc. 8th Int'l SPIN Workshop on Model Checking of Software, LNCS 2057, Springer-Verlag, 2001, pp. 103-122.
12. T.A. Henzinger et al., "Software Verification with Blast," Proc. 10th Int'l Workshop Model Checking of Software, LNCS 2648, Springer-Verlag, 2003, pp. 235-239.
13. D. Hovemeyer and W. Pugh, "Finding Bugs is Easy," to appear in Companion of the 19th Ann. ACM Conf. Object-Oriented Programming, Systems, Languages, and Applications, ACM Press, 2004.