Analyzing string buffers in C

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 2422, Issue , 2002, Pages 365-380

  Simon, Axel ^a   King, Andy ^a  

^a UNIVERSITY OF KENT   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

ARTIFICIAL INTELLIGENCE; COMPUTER SCIENCE; COMPUTERS;

ABSTRACT INTERPRETATIONS; BUFFER OVERRUN; C PROGRAMS; MATHEMATICAL BASIS; POINTER ANALYSIS; SECURITY PROBLEMS; SECURITY VULNERABILITIES;

C (PROGRAMMING LANGUAGE);

EID: 84944042418     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/3-540-45719-4_25     Document Type: Conference Paper

References (24)

1. L. Andersen. Program Analysis and Specialization for the C Programming Language. PhD thesis, Datalogisk Institut Kobenhavns Universitet, 1994. 367, 368
2. A. Baratloo, N. Singh, and T. Tsai. Transparent Run-Time Defense Against Stack- Smashing Attacks. In Ninth USENIX Security Symposium, 2000. 377, 378
3. V. Chandru and M. R. Rao. Linear programming. In Algorithms and Theory of Computation Handbook. CRC Press, 1999. 370
4. P. Cousot and N. Halbwachs. Automatic Discovery of Linear Constraints among Variables of a Program. In Proceedings of Principles of Programming Languages, pages 84–97. ACM Press, 1978. 366, 370, 371, 377
5. C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole. Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade. In Information Survivability Conference and Exposition, volume 2, pages 154–163. IEEE Press, 1998. 365
6. R. Crew. ASTLOG: A Language for Examining Abstract Syntax Trees. In Conference on Domain-Specific Languages, pages 229–242. USENIX Association, 1997. 378
7. B. De Backer, and H. Beringer. A CLP language handling disjunctions of linear constraints. In International Conference on Logic Programming, pages 550–563. MIT Press, 1993. 370
8. N. Dor, M. Rodeh, and M. Sagiv. Cleanness Checking of String Manipulations in C Programs via Integer Analysis. In Static Analysis Symposium, volume 2126 of LNCS, pages 194–212. Springer-Verlag, 2001. 366, 367, 377, 378
9. M. Emami, R. Ghiya, and L. Hendren. Context-sensitive interprocedural analysis in the presence of function pointers. In Programming Language Design and Implementation, pages 242–256, June 1994. 367
10. C. Cowan et al. Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In USENIX Security Symposium, pages 63–78, 1998. 377, 378
11. A. Ghosh, T. O’Connor, and G. McGraw. An Automated Approach for Identifying Potential Vulnerabilities in Software. In IEEE Symposium on Security and Privacy, pages 104–114. IEEE Computer Society, 1998. 365, 377
12. D. Larochelle and D. Evans. Statically Detecting likely Buffer Overflow Vulnerabilities. In Tenth USENIX Security Symposium. USENIX Association, 2001. 366, 377, 378
13. D. Larochelle and D. Evans. Improving Security Using Extensible Lightweight Static Analysis. IEEE Software, 19(1): 42–51, 2002. 366, 377
14. B. Miller, L. Fredrikson, and B. So. An Empirical Study of the Reliability of UNIX Utilities. Communications of the ACM, 33(12): 32–44, 1990. 365
15. T. C. Miller and T. de Raadt. strlcpy and strlcat – Consistent, Safe, String Copy and Concatenation. In USENIX Annual Technical Conference, 1999. 365, 366
16. A. Miné. A New Numerical Abstract Domain Based on Difference-Bound Matrices. In Programs as Data Objects, volume 2053 of LNCS, pages 155–172, 2001. 378
17. A. One. Smashing the Stack for Fun and Profit. Phrack Magazine, 7(49). 365
18. N. Papaspyrou. A Formal Semantics for the C Programming Language. PhD thesis, National Technical University of Athens, 1998. 368
19. R. T. Rockafellar. Convex Analysis. Princeton University Press, 1970. 370
20. B. Snow. Panel Discussion on the Future of Security. In IEEE Symposium on Security and Privacy. IEEE Computer Society, 1999. 365
21. B. Steensgaard. Points-to Analysis in Almost Linear Time. In Principles of Programming Languages, pages 32–41. ACM Press, 1996. 367, 372
22. J. Viega, J. T. Bloch, T. Kohno, and G. McGraw. ITS4: A Static Vulnumerability Scanner for C and C++ Code. In Sixteenth Annual Computer Security Applications Conference, 2000. 377
23. D. Wagner, J. S. Foster, E. A. Brewer, and A. Aiken. A First Step Towards Detection of Buffer Overrun Vulnerabilities. In Network and Distributed System Security Symposium. Internet Society, 2000. 366, 377
24. D. Weise. Static Analysis of Mega-Programs. In Static Analysis Symposium, volume 1694 of LNCS, pages 300–302. Springer-Verlag, 1999. 365