Publication:
Statically Detecting Likely Buffer Overflow Vulnerabilities

Thumbnail Image

Open/View Files

larochelle.pdf (122.02 KB)
 usenix01.html (232.82 KB)
 usenix_presentation.pdf (46.14 KB)
 usenix.ppt (176.5 KB)

Date

2001

Authors

Published Version

Published Version

http://www.usenix.org/events/sec01/larochelle.html

Journal Title

Journal ISSN

Volume Title

Publisher

The Harvard community has made this article openly available. Please share how this access benefits you.

Research Projects

Organizational Units

Journal Issue

Citation

David Larochelle, David Evans, Statically Detecting Likely Buffer Overflow Vulnerabilities, 2001 USENIX Security Symposium, Washington, D.C., August 13-17 2001.

Research Data

Abstract

Buffer overflow attacks may be today’s single most important security threat. This paper presents a new approach to mitigating buffer overflow vulnerabilities by detecting likely vulnerabilities through an analysis of the program source code. Our approach exploits information provided in semantic comments and uses lightweight and efficient static analyses. This paper describes an implementation of our approach that extends the LCLint annotation-assisted static checking tool. Our tool is as fast as a compiler and nearly as easy to use. We present experience using our approach to detect buffer overflow vulnerabilities in two security-sensitive programs.

Description

Other Available Sources

http://www.cs.virginia.edu/~drl7x/publications.html#usenix2001

Keywords

security, buffer overflow, static analysis

Terms of Use

This article is made available under the terms and conditions applicable to Other Posted Material (LAA), as set forth at Terms of Service

URI

http://nrs.harvard.edu/urn-3:HUL.InstRepos:5027549

Collections

HLS Scholarly Articles

Endorsement

Review

Supplemented By

Referenced By

Related Stories