Sciweavers

NDSS
2000
IEEE

A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities

14 years 4 months ago
A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities
We describe a new technique for finding potential buffer overrun vulnerabilities in security-critical C code. The key to success is to use static analysis: we formulate detection of buffer overruns as an integer range analysis problem. One major advantage of static analysis is that security bugs can be eliminated before code is deployed. We have implemented our design and used our prototype to find new remotely-exploitable vulnerabilities in a large, widely deployed software package. An earlier hand audit missed these bugs.
David Wagner, Jeffrey S. Foster, Eric A. Brewer, A
Added 01 Aug 2010
Updated 01 Aug 2010
Type Conference
Year 2000
Where NDSS
Authors David Wagner, Jeffrey S. Foster, Eric A. Brewer, Alexander Aiken
Comments (0)