Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
IEEEARES
2008
IEEE
2008
IEEE
A Lightweight Security Analyzer inside GCC
This paper describes the design and implementation of a lightweight static security analyzer that exploits the compilation process of the gcc compiler. The tool is aimed at giving to programmers useful and precise hints for improving the security of the developed software, while also detecting format string vulnerabilities, buffer overflows, and subtle vulnerabilities due to incorrect arithmetic and conversion on integers. The experimented technique is a combination of the taint analysis concept and of a value range propagation algorithm. The experimental results obtained by analyzing some real-world security critical programs show that the tool is only slightly heavier than pure compilation, and that it is able to detect known vulnerabilities, as well as unknown ones. Moreover, even if false positives are given, many of the warnings that do not correspond to vulnerabilities are indeed instances of unsafe programming practices, which can be avoided by applying a defensive programming...
Real-time TrafficFormat String Vulnerabilities | IEEEARES 2008 | Security Privacy | Static Security Analyzer | Subtle Vulnerabilities |
| Added | 31 May 2010 |
| Updated | 31 May 2010 |
| Type | Conference |
| Year | 2008 |
| Where | IEEEARES |
| Authors | Davide Pozza, Riccardo Sisto |
Comments (0)
Researcher Info
|
