A rule-based security auditing tool for software vulnerability detection

Proceedings - 2006 International Conference on Hybrid Information Technology, ICHIT 2006

Volumn 2, Issue , 2006, Pages 505-512

  Moohun, Lee ^a   Sunghoon, Cho ^a   Changbok, Jang ^a   Heeyong, Park ^a   Euiin, Choi ^a  

^a Hannam University   (South Korea)

Author keywords

[No Author keywords available]

Indexed keywords

MALICIOUS CODE; PERSONAL INFORMATION; SECURITY AUDITING TOOL; SOFTWARE VULNERABILITY;

CODES (SYMBOLS); COMPUTER SOFTWARE; COMPUTER VIRUSES; INFORMATION USE; LOGIC PROGRAMMING; UBIQUITOUS COMPUTING;

SECURITY OF DATA;

EID: 34247267667     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICHIT.2006.253653     Document Type: Conference Paper

References (22)

1. A. Dekok, PScan. Striker-On-Line. www. striker. Ottawa. on.ca/~aland/pscan/, Oct28, 2003.
2. "BLAST User's Manual", May 16, 2004. http://www-cad.eecs. berkeley.edu/~tah/blast/
3. C. Cowan, S. Seattle, J. Johansen, and P. Wagle, "PointGuard: Protecting Pointers From Buffer Overflow Vulnerabilities", In Proceedings of the 12th USENIX Security Symposium, pages 91-104, August 2003.
4. C. Cowan, S. Beattie, C. Wright, G. Kroah-Hartman, "RaceGuard: Kernel Protection From Temporary File Race Vulnerabilities", In Proceedings of the 10th USENIX Security Symposium, Washington, DC, August, 2001.
5. Crispin Cowan, Perry Wagle an Calton Pu, Steve Beattie, and Jonathan Walpole. Buffer "Overflows: attacks and defenses for the vulnerability of the decade", In Proc. of the DARPA Information Survivability Conference and Expo, 1999.
6. Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang, "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks", In 7th USENIX Security Conference, pages 63-77, San Antonio, TX, January 1998.
7. D. Wagner, J. Foster, E. Brewer, and A. Aiken, "A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities", In Proceedings of the 2000 Network and Distributed Security Symposium, San Diego, CA, Feb. 3-4, 2000.
8. D. Wheeler, Flawfinder. www.dwheeler.com/flawfinder/, Oct. 28, 2003.
9. D. Wheeler, Secure Programming for Linux and Unix HawTo. www.dwheeler.com/secureprograms/, Oct. 28, 2003.
10. H. Schildt, C: The Complete Reference, 4th Edition. McGraw-Hill, Berkeley, CA, 2000, 309-382.
11. Hao Chen, David Wagner and David Schultz at Computer Science Division, UC Berkeley, "MOPS User's Manual"
12. Hao Chen and David Wagner University of California at Berkeley "MOPS: an Infrastructure for Examining Security Properties of Software"
13. Hao Chen, David Wagner, and Robert Johnson, "Model Checking Software for Security Violations", Short talk at 2001, IEEE Symposium on Security and Privacy.
14. Howard. M. and LeBlanc, D. Writing, Secure Code. Microsoft Press, Redmond, WA, 2002, 63-88.
15. Jay-Evan J. Tevis, John A. Hamilton, "Methods for the prevention, detection and removal of software security vulnerabilities", ACM Southeast Regional Conference 2004, 197-202.
16. John Viega, J.T. Bloch, Tadayoshi Kohno, Gary McGraw Reliable Software Technologies, "ITS4: A Static Vulnerability Scanner for C and C++ Code", http://www.rstcorp.com.
17. J. Viega, and G. McGraw, Building Secure Software, Addison-Wesley, Boston, MA, 2002, 127-133.
18. K. Wall, M. Watson, and M. Whitis, Linux Programming Unleashed. Sams Publishing, Indianapolis, IN, 1999, 642-661.
19. M. Bishop and M. Digler, "Checking for Race Conditions in File Accesses", Computing Systems, 9(2): 131-152, Spring 1996.
20. Secure Software, Rough Auditing Tool for Security (RATS), Secure Software Inc. www.securesoftware.com, Oct. 28, 2003.
21. Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar and Gregoire Sutre, "Lazy Abstraction", In ACM SIGPLAN-SIGACT Conference on Principles of Programming Languages, pages 58-70, 2002.
22. Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar, and Gregoire Sutre, "Software Verification with Blast", Proceedings of the 10th SPIN Workshop on Model Checking Software (SPIN), Lecture Notes in Computer Science 2648, Springer-Verlag, pages 235-239, 2003.