CSSV: Towards a realistic tool for statically detecting all buffer overflows in C

ACM SIGPLAN Notices

Volumn 38, Issue 5, 2003, Pages 155-167

  Dor, Nurit ^a   Rodeh, Michael ^b   Sagiv, Mooly ^a  

^a TEL AVIV UNIVERSITY   (Israel)

^b IBM HAIFA RESEARCH LAB   (Israel)

Author keywords

Abstract interpretation; Buffer overflow; Contracts; Error detection; Static analysis

Indexed keywords

ALGORITHMS; C (PROGRAMMING LANGUAGE); COMPUTER NETWORKS; COMPUTER SOFTWARE SELECTION AND EVALUATION; PROGRAM DIAGNOSTICS; RELIABILITY; SECURITY OF DATA; SEMANTICS;

ABSTRACT INTERPRETATION; BUFFER OVERFLOWS; C STRING STATIC VERIFIER; STATIC ANALYSIS;

ERROR DETECTION;

EID: 1442337851     PISSN: 03621340     EISSN: None     Source Type: Journal    
DOI: 10.1145/780822.781149     Document Type: Conference Paper

References (38)

1. T.M. Austin, S.E. Breach, and G.S. Sohi. Efficient detection of all pointer and array access errors. In SIGPLAN Conf. on Prog. Lang. Design and Impl. ACM Press, 1994.
2. R. Bodik, R. Gupta, and V. Sarkar. ABCD: eliminating array bounds checks on demand. In SIGPLAN Conf. on Prog. Lang. Design and Impl., 2000.
3. D. R. Chase, M. Wegman, and F. Zadeck. Analysis of pointers and structures. In SIGPLAN Conf. on Prog. Lang. Design and Impl., pages 296-310, New York, NY, 1990. ACM Press.
4. B. Chess. Improving computer security using extended static checking. In IEEE Symposium on Security and Privacy, 2002.
5. J. Choi, M. Gupta, M.J. Serrano, V.C. Sreedhar, and S.P. Midkiff. Escape analysis for java. In Conf. on Object-Oriented Prog. Syst. Lang. and App., pages 1-19, 1999.
6. P. Cousot and N. Halbwachs. Automatic discovery of linear constraints among variables of a program. In Symp. on Princ. of Prog. Lang., 1978.
7. C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole. Buffer overflows: attacks and defenses for the vulnerability of the decade. In In Proc. of the DARPA Information Survivability Conference and Expo, 1999.
8. M. Das. Unification-based pointer analysis with directional assignments. In SIGPLAN Conf. on Prog. Lang. Design and Impl., 2000.
9. M. Das, B. Liblit, M. Fähndrich, and J. Rehof. Estimating the impact of scalable pointer analysis on optimization. In Static Analysis Symp., 2001.
10. A. Deutsch. Interprocedural may-alias analysis for pointers: Beyond k-limiting. In SIGPLAN Conf. on Prog. Lang. Design and Impl., pages 230-241, New York, NY, 1994. ACM Press.
11. E.W. Dijkstra. A Discipline of Programming. Prentice-Hall, 1976.
12. N. Dor. Statistically Detecting All Buffer Overflows in C. PhD thesis, Univ. of Tel-Aviv, Israel, 2003. In preparation.
13. N. Dor, M. Rodeh, and M. Sagiv. Cleanness checking of string manipulations in C programs via integer analysis. In Static Analysis Symp., 2001.
14. C. Flanagan, K. Rustan, and M. Leino. Houdini, an annotation assistant for Esc/java. In Formal Methods for Increasing Software Productivity, volume 2021 of Lecture Notes in Computer Science, 2001.
15. R. Ghiya, D. Lavery, and D. Sehr. On the importance of points-to analysis and other memory disambiguation methods for c programs. In SIGPLAN Conf. on Prog. Lang. Design and Impl., 2001.
16. N. Halbwachs. Static Analysis of Linear Properties Invariantly Satisfied by the Numeric Variables of a program. PhD thesis, Grenoble University, 1979.
17. N. Halbwachs, Y.E. Proy, and P. Roumanoff. Verification of real-time systems using linear relation analysis. Formal Methods in System Design, 11(2):157-185, 1997.
18. N. Heintze and O. Tardieu. Ultra-fast aliasing analysis using cla: A million lines of c code in a second. In SIGPLAN Conf. on Prog. Lang. Design and Impl., 2001.
19. B. Jeannet. New polka library. Available at "http://www.irisa.fr/prive/Bertrand.Jeannet/newpolka.html".
20. B. W. Kernighan and D. M. Ritchie. The C programming language. Prentice-Hall, Englewood Cliffs, NJ 07632, USA, 1988.
21. P. Kolte and M. Wolfe. Elimination of redundant array subcript range checks. ACM SIGPLAN Notices, 30(6):270-278, 1995.
22. W. Landi. Interprocedural Aliasing in the Presence of Pointers. PhD thesis, Dept. of Comp. Sci., Rutgers Univ., 1991.
23. D. Larochelle and D. Evans. Statically detecting likely buffer overflow vulnerabilities. In 10th USENIX Security Symposium, 2001.
24. G. Leavens and A. Baker. Enhancing the pre- and postcondition technique for more expressive specifications. In Formal Methods, 1999.
25. D. Liang and M. J. Harrold. Efficient computation of parameterized pointer information for interprocedural analyses. In Static Analysis Symp., 2001.
26. A. Loginov, S. Yong, S. Horwitz, and T. Reps. Debugging via run-time type checking. In Proc. of Fundamental Approaches to Softw. Eng. (FASE), April 2001.
27. T.J. Marlowe and B. G. Ryder. An efficient hybrid algorithm for incremental data flow analysis. In Symp. on Princ. of Prog. Lang., 1990.
28. B. Miller, D. Koski, C. Lee, V. Maganty, R. Murthy, A. Natarajan, and J. Steidl. Fuzz revisited: A re-examination of the reliability of Unix utilities and services, 1995. Available at http://www.cs.wisc.edu/~bart/fuzz/fuzz.html.
29. C. Morgan. Programming from Specifications. Prentice-Hall, Engelwood N.J, 1990.
30. E.W. Myers. A precise inter-procedural data flow algorithm. In Symp. on Princ. of Prog. Lang., 1981.
31. Inc. Rational. Purify software. Available at "http://www.rational.com", 1995.
32. Microsoft Research. AST-toolkit. 2002.
33. R. Rugina and M.C. Rinard. Symbolic bounds analysis of pointers, array indices, and accessed memory regions. In SIGPLAN Conf. on Prog. Lang. Design and Impl., 2000.
34. B. G. Ryder, W. A. Landi, P. A. Stocks, S. Zhang, and R. Altucher. A schema for interprocedural modification side-effect analysis with pointer aliasing. ACM Transactions on Programming Languages and Systems, 23(2):105-186, 2001.
35. A. Simon and A. King. Analyzing string buffers in c. In International Conference on Algebraic Methodology and Software Technology, 2000.
36. B. Steensgaard. Points-to analysis in almost-linear time. In Symp. on Princ. of Prog. Lang., pages 32-41, 1996.
37. D. Wagner, J. Foster, E. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Symp. on Network and Distributed Systems Security, 2000.
38. G. Yorsh. CoreC: A Simplifier for C, 2002. http://www.cs.tau.ac.il/~gretay/GFC.htm.