Sciweavers

CCS
2003
ACM

Buffer overrun detection using linear programming and static analysis

14 years 5 months ago
Buffer overrun detection using linear programming and static analysis
This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as a linear program. We also present fast, scalable solvers based on linear programming, and demonstrate techniques to make the program analysis context sensitive. Based on these techniques, we built a prototype and used it to identify several vulnerabilities in popular security critical applications. Categories and Subject Descriptors
Vinod Ganapathy, Somesh Jha, David Chandler, David
Added 06 Jul 2010
Updated 06 Jul 2010
Type Conference
Year 2003
Where CCS
Authors Vinod Ganapathy, Somesh Jha, David Chandler, David Melski, David Vitek
Comments (0)