Finding user/kernel pointer bugs with type inference

Proceedings of the 13th USENIX Security Symposium

Volumn , Issue , 2004, Pages

  Johnson, Rob ^a   Wagner, David ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER AIDED SOFTWARE ENGINEERING; LINUX;

CONTEXT SENSITIVITY; FALSE POSITIVE; INFERENCE TOOLS; LINUX KERNEL; PROGRAM ANALYSIS; SENSITIVE DATAS; TYPE INFERENCES; TYPE QUALIFIERS;

PROGRAM DEBUGGING;

EID: 85084161650     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (16)

1. Thomas Ball and Sriram K. Rajamani. The SLAM Project: Debugging System Software via Static Analysis. In Proceedings of the 29th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 1-3, Portland, Oregon, January 2002.
2. Pete Broadwell, Matt Harren, and Naveen Sastry. Scrash: A System for Generating Secure Crash Information. In Proceedings of the 12th Usenix Security Symposium, Washington, DC, August 2003.
3. Hao Chen and David Wagner. MOPS: an infrastructure for examining security properties of software. In Proceedings of the 9th ACM Conference on Computer and Communications Security, pages 235-244, Washington, DC, November 18-22, 2002.
4. Martin Elsman, Jeffrey S. Foster, and Alexander Aiken. Carillon - A System to Find Y2K Problems in C Programs, 1999. http://bane.cs.berkeley.edu/carillon.
5. David Evans. LCLint User's Guide, February 1996.
6. Jeff Foster, Rob Johnson, John Kodumal, and Alex Aiken. Flow-Insensitive Type Qualifiers. ACM Transactions on Programming Languages and Systems. Submitted for publication.
7. Jeffrey Scott Foster. Type Qualifiers: Lightweight Specifications to Improve Software Quality. PhD thesis, University of California, Berkeley, December 2002.
8. Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar, and Gregoire Sutre. Lazy abstraction. In Symposium on Principles of Programming Languages, pages 58-70, 2002.
9. Secure Software Inc. RATS download page. http://www.securesw.com/auditing-tools-download.htm.
10. George Necula, Scott McPeak, and Westley Weimer. CCured: Type-Safe Retrofitting of Legacy Code. In Proceedings of the 29th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 128-139, Portland, Oregon, January 2002.
11. Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, and David Wagner. Detecting Format String Vulnerabilities with Type Qualifiers. In Proceedings of the 10th Usenix Security Symposium, Washington, D.C., August 2001.
12. Linus Torvalds. Managing kernel development, November 2003. http://www.linuxjournal.com/article.php?sid=7272.
13. John Viega, J.T. Bloch, Tadayoshi Kohno, and Gary McGraw. ITS4: A Static Vulnerability Scanner for C and C++ Code. In 16th Annual Computer Security Applications Conference, December 2000. http://www.acsac.org.
14. David Wagner, Jeffrey S. Foster, Eric A. Brewer, and Alexander Aiken. A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities. In Networking and Distributed System Security Symposium 2000, San Diego, California, February 2000.
15. Junfeng Yang, Ted Kremenek, Yichen Xie, and Dawson Engler. MECA: an extensible, expressive system and language for statically checking security properties. In Proceedings of the 10th ACM conference on Computer and communication security, pages 321-334. ACM Press, 2003.
16. Xiaolan Zhang, Antony Edwards, and Trent Jaeger. Using CQUAL for Static Analysis of Authorization Hook Placement. In Proceedings of the 11th Usenix Security Symposium, San Francisco, CA, August 2002.