This paper describes the design and implementation of a lightweight static security analyzer that exploits the compilation process of the gcc compiler. The tool is aimed at giving...
This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C stri...
Vinod Ganapathy, Somesh Jha, David Chandler, David...
This paper describes an extension to abuse-case-based security requirements analysis that provides a lightweight means of increasing assurance in security relevant software. The ap...
We describe a method for finding security flaws in source code by way of static analysis. The method is notable because it allows a user to specify a wide range of security proper...