Improving software security with a C pointer analysis

Proceedings - International Conference on Software Engineering

Volumn 2005, Issue , 2005, Pages 332-341

  Avots, Dzintars ^a   Dalton, Michael ^a   Livshits, V Benjamin ^a   Lam, Monica S ^a  

^a Stanford University   (United States)

Author keywords

Buffer overflows; Context sensitive; Dynamic analysis; Error detection; Format string violations; Pointer analysis; Program analysis; Security flaws; Software security; Type safety

Indexed keywords

BUFFER OVERFLOWS; FORMAT STRING VIOLATIONS; POINTER ANALYSIS; PROGRAM ANALYSIS; SECURITY FLAWS; SOFTWARE SECURITY;

BUFFER STORAGE; CONTEXT SENSITIVE LANGUAGES; SECURITY OF DATA; SEMANTICS; STATISTICAL METHODS;

COMPUTER SOFTWARE;

EID: 33244470892     PISSN: 02705257     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICSE.2005.1553576     Document Type: Conference Paper

References (25)

1. G. Aigner, A. Diwan, D. Heine, M. Lam, D. Moore, B. Murphy, and C. Sapuntzakis. An overview of the SUIF2 compiler infrastructure. Technical report, Stanford University, 2000.
2. L. O. Andersen. Program analysis and specialization for the C programming language. PhD thesis, University of Copenhagen, 1994.
3. M. Berndl, O. Lhotk, F. Qian, L. Hendren, and N. Umanee. Points-to analysis using BDDs. In Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation, pages 103-114, 2003.
4. W. R. Bush, J. D. Pincus, and D. J. Sielaff. A static analyzer for finding dynamic programming errors. In Proceedings of Software Practice and Experience, pages 775-802, 2000.
5. CERT/CC. Advisories 2002. http://www.cert.org/advisories.
6. J.-D. Choi, M. Burke, and P. Carini. Efficient flow-sensitive interprocedural computation of pointer-induced aliases and side effects. In Proceedings of the 20th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 232-245, 1993.
7. M. Emami, R. Ghiya, and L. J. Hendren. Context-sensitive interprocedural points-to analysis in the presence of function pointers. In Proceedings of the ACM SIGPLAN 1994 Conference on Programming Language Design and Implementation, pages 242-256, 1994.
8. M. Fähndrich, J. S. Foster, Z. Su, and A. Aiken. Partial online cycle elimination in inclusion constraint graphs. In Proceedings of the 1998 ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 85-96, Montreal, Canada, June 1998.
9. S. Hallem, B. Chelf, Y. Xie, and D. Engler. A system and language for building system-specific, static analyses. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, pages 69-82, June 2002.
10. N. Heintze and O. Tardieu. Ultra-fast aliasing analysis using CLA: A million lines of C code. In Proceedings of the ACM SIGPLAN'01 Conference on Programming Language Design and Implementation, pages 146-161, June 2001.
11. R. Jones and P. Kelly. Backwards-compatible bounds checking for arrays and pointers in C programs. In Proceedings of the International Workshop on Automatic Debugging, pages 13-26, May 1997.
12. W. Landi, B. G. Ryder, and S. Zhang. Interprocedural modification side effect analysis with pointer aliasing. In Proceedings of the ACM SIGPLAN 1993 Conference on Programming Language Design and Implementation, pages 56-67, 1993.
13. D. Liang, M. Pennings, and M. J. Harrold. Extending and evaluating flow-insensitive and context-insensitive points-to analyses for Java. In Proceedings of the 2001 ACM SIGPLAN-SIGSOFT Workshop on Program analysis for Software Tools and Engineering, pages 73-79, June 2001.
14. A. Rountev, A. Milanova, and B. Ryder. Points-to analysis for Java using annotated inclusion constraints. Technical Report DCS-TR-417, Department of Computer Science, Rutgers University, July 2000.
15. O. Ruwase and M. S. Lam. A practical dynamic buffer overflow detector. In Proceedings of the 11th Annual Network and Distributed System Security Symposium, pages 159-169, 2004.
16. B. Steensgaard. Points-to analysis in almost linear time. In Proceedings of the 23th Annual ACM Symposium on Principles of Programming Languages, pages 32-41, 1996.
17. J. D. Ullman. Principles of Database and Knowledge-Base Systems. Computer Science Press, Rockville, MD, volume II edition, 1989.
18. D. Wagner, J. Foster, E. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Proceedings of Network and Distributed Systems Security Symposium, pages 3-17, February 2000.
19. J. Whaley and M. S. Lam. An efficient inclusion-based points-to analysis for strictly-typed languages. In Proceedings of the 9th International Symposium on Static Analysis, pages 180-195. Springer-Verlag, September 2002.
20. J. Whaley and M. S. Lam. Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In Proceedings of the ACM SIGPLAN 2004 Conference on Programming Language Design and Implementation, pages 131-144, June 2004.
21. J. Wilander and M. Kamkar. A comparison of publicly available tools for dynamic buffer overflow prevention. In Proceedings of the Network and Distributed System Security Symposium, pages 149-162, February 2003.
22. R. P. Wilson and M. S. Lam. Efficient context-sensitive pointer analysis for C programs. In Proceedings of the ACM SIGPLAN'90 Conference on Programming Language Design and Implementation, pages 1-12, June 1995.
23. S. H. Yong, S. Horwitz, and T. Reps. Pointer analysis for programs with structures and casting. In Proceedings of the ACM Conference on Programming Language Design and Implementation, pages 91-103, June 1999.
24. J. Zhu. Symbolic pointer analysis. In Proceedings of the International Conference in Computer-Aided Design, pages 150-157, November 2002.
25. J. Zhu and S. Calman. Symbolic pointer analysis revisited. In Proceedings of the ACM SIGPLAN 2004 Conference on Programming Language Design and Implementation, pages 145-157, June 2004.