Using type qualifiers to analyze untrusted integers and detecting security flaws in C programs

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4064 LNCS, Issue , 2006, Pages 1-16

  Ceesay, Ebrima N ^a   Zhou, Jingmin ^a   Gertz, Michael ^a   Levitt, Karl ^a   Bishop, Matt ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

INTEGER PROGRAMMING; PROGRAM DEBUGGING; SECURITY OF DATA; STATISTICAL METHODS;

BUFFER OVERFLOW; OPEN SOURCE APPLICATIONS; SECURITY BUGS; STATIC ANALYSIS TOOL;

COMPUTER PROGRAMMING;

EID: 33746391935     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11790754_1     Document Type: Conference Paper

References (31)

1. The ICAT team: Icat vulnerability statistics. http://icat.nist.gov/icat. cfm?function=statistics (2005)
2. Foster, J.S., Fhndrich, M., Aiken, A.: A theory of type qualifiers. In: Proceedings of ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'99), Atlanta, Georgia. (1999)
3. Shankar, U., Talwar, K., Foster, J.S., Wagner, D.: Detecting format string vulnerabilities with type qualifiers. In: Proceedings of the 10th Usenix Security Symposium, Washington, D.C. (2001)
4. Blexim: Basic integer overflows. Phrack Issue 0×3c, Phile 0×0a of 0×10 (2002)
5. CERT: Apache web server chunk handling vulnerability. Advisory CA-2002-17 (2002)
6. CERT: Openssh vulnerabilities in challenge response. Advisory CA-2002-18 (2002)
7. CERT: Integer overflow in sun rpc xdr library routines. Advisory CA-2003-10 (2003)
8. CERT: Apple quicktime contains an integer overflow in the "quicktime.qts" extension. Vulnerability Note VU#782958 (2004)
9. X-Force: Sendmail debugging function signed integer overflow. Vulnerability DB Entry 7016 (2001)
10. Chinchani, R., Iyer, A., Jayaraman, B., Upadhyaya, S.: Archerr: Runtime environment driven program safety. In: Proceedings of 9th European Symposium on Research in Computer Security. (1999)
11. Horovitz, O.: Big loop integer protection. Phrack Issue 0×3c, Phile 0×09 of 0×10 (2002)
12. Howard, M.: An overlooked construct and an integer overflow redux. http://msdn.microsoft.com/library/en-us/dncode/html/secure09112003.asp (2003)
13. Howard, M.: Reviewing code for integer manipulation vulnerabilities, http://msdn.microsoft.com/library/en-us/dncode/html/secure04102003.asp (2003)
14. LeBlanc, D.: Integer handling with the c++ safeint class, http://msdn.microsoft.com/1ibrary/en-us/dncode/html/secure01142004.asp (2004)
15. Biba, K.J.: Integrity considerations for secure computer system. Technical Report ESD-TR-76-372, MTR-3153, The MITRE Corporation, USAF Electronic Systems Division, Bedford, MA (1977)
16. Johnson, R., Wagner, D.: Finding user/kernel pointer bugs with type inference. In: Proceedings of the 13th USENIX Security Symposium, San Diego, CA. (2004)
17. Foster, J.S.: Type Qualifiers: Lightweight Specifications to Improve Software Quality. PhD thesis, University of California, Berkeley (2002)
18. Boutell.com: Gd graphics library, http://www.boutell.com/gd/ (2004)
19. Gentoo Linux: Gd: Integer overflow. Security Advisory GLSA 200411-08 (2004)
20. The rsync project: News for rsync 2.5.7. http://rsync.samba.org (2003)
21. Sirainen, T.: Possible security hole, http://www.mail-archive.com/ rsync@lists.samba.org/msg08271.html (2003)
22. The GNOME Project: Gnome imaging model - gdkpixbuf. http://developer. gnome.org/arch/imaging/gdkpixbuf.html (2003)
23. CERT: Gdkpixbuf xpm parser contains a heap overflow vulnerability. Vulnerability Note VU#729894 (2004)
24. CERT: Gdkpixbuf ico parser contains a integer overflow vulnerability. Vulnerability Note VU#577654 (2004)
25. CERT: Libtiff contains multiple heap-based buffer overflows. Vulnerability Note VU#948752 (2004)
26. Su, Z., Wagner, D.: A class of polynomially solvable range constraints for interval analysis without widenings and narrowings. In: Proceedings of Tenth Internal Conference on Tools and Algorithms for the Construction and Analysis of Systems. (2004)
27. Viega, J., Bloch, J.T., Kohno, T., McGraw, G.: ITS4: A static vulnerability scanner for C and C++ code. ACM Transactions on Information and System Security 5 (2002)
28. Secure Software Inc.: Rats: Rough auditing tool for security. http://www.securesw.com/rats.php (2002)
29. Wheeler, D.A.: Flawfinder. http://www.dwheeler.com/flawfinder/ (2001)
30. Evans, D.: Static detection of dynamic memory errors. In: Proceedings of the 1996 ACM Conference on Programming Language Design and Implementation (SIGPLAN). (1996) 44-53
31. Ashcraft, K., Engler, D.R.: Using programmer-written compiler extensions to catch security holes. In: Proceedings of IEEE Symposium on Security and Privacy. (2002) 143-159