A First Step towards Automated Detection of Buffer Overrun Vulnerabilities

by: David Wagner, Jeffrey S Foster, Eric A Brewer, Alexander Aiken

(February 2000), pp. 3-17.

View FullText article

CiteSeer (at Penn State), CiteSeer (at MIT), CiteSeer (at Zurich), CiteSeer (at Singapore)

Reviews [Write a review of this article]

There are no reviews of this article

Find related articles from these CiteULike users

martink, roylee, srccheck, zuleger

Find related articles with these CiteULike tags

boon, buffer_overflow, constraint_analysis, ndss00, no-tag, tools, types

Abstract

We describe a new technique for finding potential buffer overrun vulnerabilities in security-critical C code. The key to success is to use static analysis: we formulate detection of buffer overruns as an integer range analysis problem. One major advantage of static analysis is that security bugs can be eliminated before code is deployed. We have implemented our design and used our prototype to find new remotely-exploitable vulnerabilities in a large, widely deployed software package. An earlier ...

@inproceedings{citeulike:514510, abstract = {We describe a new technique for finding potential buffer overrun vulnerabilities in security-critical C code. The key to success is to use static analysis: we formulate detection of buffer overruns as an integer range analysis problem. One major advantage of static analysis is that security bugs can be eliminated before code is deployed. We have implemented our design and used our prototype to find new remotely-exploitable vulnerabilities in a large, widely deployed software package. An earlier ...}, address = {San Diego, CA}, author = {Wagner, David and Foster, Jeffrey S. and Brewer, Eric A. and Aiken, Alexander }, booktitle = {Network and Distributed System Security Symposium}, citeulike-article-id = {514510}, keywords = {boon, buffer\_overflow, constraint\_analysis, ndss00, tools}, month = {February}, pages = {3--17}, posted-at = {2008-02-08 11:46:21}, priority = {0}, title = {A First Step towards Automated Detection of Buffer Overrun Vulnerabilities}, url = {http://citeseer.ist.psu.edu/wagner00first.html}, year = {2000} }

RIS record

TY - CONF ID - citeulike:514510 L3 - citeulike-article-id:514510 N2 - We describe a new technique for finding potential buffer overrun vulnerabilities in security-critical C code. The key to success is to use static analysis: we formulate detection of buffer overruns as an integer range analysis problem. One major advantage of static analysis is that security bugs can be eliminated before code is deployed. We have implemented our design and used our prototype to find new remotely-exploitable vulnerabilities in a large, widely deployed software package. An earlier ... AD - San Diego, CA EP - 17 TI - A First Step towards Automated Detection of Buffer Overrun Vulnerabilities T2 - Network and Distributed System Security Symposium SP - 3 KW - boon KW - buffer_overflow KW - constraint_analysis KW - ndss00 KW - tools AU - Wagner, David AU - Foster, Jeffrey AU - Brewer, Eric AU - Aiken, Alexander PY - 2000/February// UR - http://citeseer.ist.psu.edu/wagner00first.html ER -

RIS BibTeX