Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs

14 years 25 days ago

Download nob.cs.ucdavis.edu

Incomplete or improper input validation is one of the major sources of security bugs in programs. While traditional approaches often focus on detecting string related buffer overflow vulnerabilities, we present an approach to automatically detect potential integer misuse, such as integer overflows in C programs. Our tool is based on CQual, a static analysis tool using type theory. Our techniques have been implemented and tested on several widely used open source applications. Using the tool, we found known and unknown integer related vulnerabilities in these applications.

Ebrima N. Ceesay, Jingmin Zhou, Michael Gertz, Kar

Real-time Traffic

Buffer Overflow Vulnerabilities | DIMVA 2006 | DIMVA 2007 | Integer | Potential Integer Misuse |

claim paper

Post Info
More Details (n/a)

Added	30 Oct 2010
Updated	30 Oct 2010
Type	Conference
Year	2006
Where	DIMVA
Authors	Ebrima N. Ceesay, Jingmin Zhou, Michael Gertz, Karl N. Levitt, Matt Bishop

Comments (0)

Sciweavers

Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs

Buffer Overflow Vulnerabilities | DIMVA 2006 | DIMVA 2007 | Integer | Potential Integer Misuse |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers