Using programmer-written compiler extensions to catch security holes

@inproceedings{citeulike:801510, abstract = {This paper shows how system-specific static analysis can find security errors that violate rules such as "integers from untrusted sources must be sanitized before use" and "do not dereference user-supplied pointers." In our approach, programmers write system-specific extensions that are linked into the compiler and check their code for errors. We demonstrate the approach's effectiveness by using it to find over 100 security errors in Linux and OpenBSD, over 50 of which have led to kernel...}, author = {Ashcraft, K. and Engler, D. }, booktitle = {Proceedings of the 2002 IEEE Symposium on Security and Privacy}, citeulike-article-id = {801510}, keywords = {defect\_search, defects, mc, tainted\_buffer, tainted\_value, to\_close}, month = {May}, pages = {143--159}, posted-at = {2008-02-06 11:24:19}, priority = {0}, title = {Using programmer-written compiler extensions to catch security holes}, url = {http://citeseer.ist.psu.edu/ashcraft02using.html}, year = {2002} }

TY - CONF ID - citeulike:801510 L3 - citeulike-article-id:801510 N2 - This paper shows how system-specific static analysis can find security errors that violate rules such as "integers from untrusted sources must be sanitized before use" and "do not dereference user-supplied pointers." In our approach, programmers write system-specific extensions that are linked into the compiler and check their code for errors. We demonstrate the approach's effectiveness by using it to find over 100 security errors in Linux and OpenBSD, over 50 of which have led to kernel... EP - 159 TI - Using programmer-written compiler extensions to catch security holes T2 - Proceedings of the 2002 IEEE Symposium on Security and Privacy SP - 143 KW - defect_search KW - defects KW - mc KW - tainted_buffer KW - tainted_value KW - to_close AU - Ashcraft, K AU - Engler, D PY - 2002/May// UR - http://citeseer.ist.psu.edu/ashcraft02using.html ER -