Statically Detecting Likely Buffer Overflow Vulnerabilities


Title: Statically Detecting Likely Buffer Overflow Vulnerabilities
Author: Larochelle, David; Evans, David

Note: Order does not necessarily reflect citation order of authors.

Citation: David Larochelle, David Evans, Statically Detecting Likely Buffer Overflow Vulnerabilities, 2001 USENIX Security Symposium, Washington, D.C., August 13-17 2001.
Abstract: Buffer overflow attacks may be today’s single most important security threat. This paper presents a new approach to mitigating buffer overflow vulnerabilities by detecting likely vulnerabilities through an analysis of the program source code. Our approach exploits information provided in semantic comments and uses lightweight and efficient static analyses. This paper describes an implementation of our approach that extends the LCLint annotation-assisted static checking tool. Our tool is as fast as a compiler and nearly as easy to use. We present experience using our approach to detect buffer overflow vulnerabilities in two security-sensitive programs.
Published Version: http://www.usenix.org/events/sec01/larochelle.html
Other Sources: http://www.cs.virginia.edu/~drl7x/publications.html#usenix2001
Terms of Use: This article is made available under the terms and conditions applicable to Other Posted Material, as set forth at http://nrs.harvard.edu/urn-3:HUL.InstRepos:dash.current.terms-of-use#LAA
Citable link to this page: http://nrs.harvard.edu/urn-3:HUL.InstRepos:5027549
