See this document in CiteSeerX!

A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities (2000)  (Make Corrections)  (72 citations)
David Wagner, Jeffrey S. Foster, Eric A. Brewer, Alexander Aiken



  Home/Search   Context   Related

 
View or download:
Berkeley.EDU/~jfoster/pa...ndss00.ps.gz
berkeley.edu/~daw/...overrunsndss00.ps
Cached:  PS.gz  PS  PDF   Image  Update  Help

From:  Berkeley.EDU/~jfoster/ (more)
(Enter author homepages)

Rate this article: (best)
  Comment on this article  
(Enter summary)

Abstract: We describe a new technique for finding potential buffer overrun vulnerabilities in security-critical C code. The key to success is to use static analysis: we formulate detection of buffer overruns as an integer range analysis problem. One major advantage of static analysis is that security bugs can be eliminated before code is deployed. We have implemented our design and used our prototype to find new remotely-exploitable vulnerabilities in a large, widely deployed software package. An earlier ... (Update)

Cited by:   More
A Next-Generation Platform for Analyzing Executables - Reps Balakrishnan Lim   (Correct)
Intermediate-Representation Recovery from Low-Level Code - Thomas Reps Gogul   (Correct)
WYSINWYX: What You See Is Not What You eXecute - Balakrishnan Reps Melski   (Correct)

Similar documents (at the sentence level):
35.9%:   Static Analysis and Computer Security: . . . - Wagner (2000)   (Correct)

Active bibliography (related documents):   More   All
5.3:   A First Step Towards Automated Detection of Buffer.. - Wagner, Foster.. (2000)   (Correct)
0.3:   A Framework To Analyse Synchronous Data-Flow Specifications - Nebut, al. (2001)   (Correct)
0.3:   Formal Language, Grammar and Set-Constraint-Based Program.. - Cousot, Cousot (1995)   (Correct)

System load high. Please wait...
Timeout. Please try your query later.
Similar documents based on text:   More   All
0.5:   Improving Security Using Extensible Lightweight Static Analysis - Evans, Larochelle (2002)   (Correct)
0.4:   Analyzing Programs for Vulnerability to Buffer Overrun Attacks - Ghosh, O'Connor (1998)   (Correct)
0.4:   Analyzing String Buffers in C - Simon, King (2002)   (Correct)

Related documents from co-citation:   More   All
26:   Stackguard: Automatic adaptive detection and prevention of buffer-overflow attac.. - Cowan, Pu et al. - 1998
18:   Statically Detecting Likely Buffer Overflow Vulnerabilities - Larochelle, Evans - 2001
17:   CCured: Type-safe retrofitting of legacy code - Necula, McPeak et al. - 2002

BibTeX entry:   (Update)

D. Wagner, J. Foster, E. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Network and Distributed System Security Symposium, San Diego, CA, February 2000. http://citeseer.ist.psu.edu/article/wagner00first.html   More

@inproceedings{ wagnerfirst,
    author = "David Wagner and Jeffrey S. {FOster} and Eric A. Brewer and Alexander Aiken",
    title = "A First Step towards Automated Detection of Buffer Overrun Vulnerabilities",
    pages = "3--17",
    url = "citeseer.ist.psu.edu/article/wagner00first.html" }
Citations (may not include all citations):
299   Dependence analysis for supercomputing (context) - Banerjee - 1988
250   Automatic Discovery of Linear Restraints among Variables of .. - Cousot, Halbwachs - 1978
152   An Efficient Method of Computing Static Single Assignment Fo.. (context) - Cytron, Ferrante et al.
142   Constraint propagation with interval labels (context) - Davis - 1987
141   StackGuard: Automatic Adaptive Detection and Prevention of B.. - Cowan, Pu et al. - 1998
137   The Design and Implementation of a Certifying Compiler - Necula, Lee
110   Eliminating array bound checking through dependent types - Xi, Pfenning
97   Consistency techniques for numeric CSPs (context) - Lhomme - 1993
88   Static detection of dynamic memory errors - Evans
84   Efficient and Exact Data Dependence Analysis (context) - Maydan, Hennessy et al.
75   Verification of linear hybrid systems by means of convex app.. - Halbwachs, Proy et al. - 1994
72   Putting pointer analysis to work - Ghiya, Hendren
66   Eliminating false data dependences using the Omega test (context) - Pugh, Wonnacott
63   LCLint: a tool for using specifications to check code - Evans, Guttag et al. - 1994
59   Compiler analysis of the value ranges for variables (context) - Harrison - 1977
55   Abstract debugging of higher-order imperative languages (context) - Bourdoncle
54   Static determination of dynamic properties of programs (context) - Cousot, Cousot - 1976
53   Constraint reasoning based on interval arithmetic: the toler.. (context) - Hyvonen - 1992
53   Deciding linear inequalities by computing loop residues (context) - Shostak - 1981
51   Extended Static Checking - Detlefs, Leino et al. - 1998
49   Type-Based Alias Analysis - Diwan, McKinley et al.
49   Constraint satisfaction using constraint logic programming (context) - Van Hentenryck, Simonis et al. - 1992
49   An empirical study of the reliability of Unix utilities - Miller, Fredricksen et al. - 1990
45   Efficient Detection of All Pointer and Array Access Errors - Austin, Breach et al.
43   the SUP-INF method for proving Presburger formulas (context) - Shostak - 1977
43   Fuzz revisited: a re-examination of the reliability of Unix .. - Miller, Koski et al. - 1995
42   Verification of real-time systems using linear relation anal.. - Halbwachs, Proy et al. - 1997
41   Implementation of array bound checker (context) - Sosuki, Ishihata
40   Optimizing array bound checks using flow analysis - Gupta - 1993
40   A portable machine-independent global optimizer---Design and.. (context) - Chow - 1983
39   Accurate Static Branch Prediction by Value Range Propagation - Patterson
39   The effects of precision of pointer analysis - Shapiro, Horwitz
32   A toolkit for constructing type- and constraint-based progra.. - Aiken, Fahndrich et al. - 1998
32   Optimization of range checking (context) - Markstein, Cocke et al. - 1982
32   Simple and fast algorithms for linear and integer programs w.. (context) - Hochbaum, Naor - 1994
26   Two easy theories whose combination is hard - Pratt - 1977
19   Series in Discrete Mathematics (context) - Schrijver, linear et al. - 1986
18   Improved algorithms for linear inequalities with two variabl.. (context) - Cohen, Megiddo - 1994
17   An automated approach for identifying potential vulnerabilit.. - Ghosh, O'Connor et al. - 1998
16   Generalized constant propagation: A study in C - Verbrugge, Co et al. - 1996
13   The SUP-INF method in Presburger arithmetic (context) - Bledsoe - 1974
13   Lint, a C program checker - Johnson - 1978
12   Linear programming with two variables per inequality in poly.. - Lueker, Megiddo et al. - 1990
9   Automatic testing of reactive systems - Raymond, Nicollin et al. - 1998
5   Bounds Checking for C (context) - Jones, Kelly
4   Abstract interpretation of constraint logic programs using c.. (context) - Handjieva - 1996
3   Set constraints: results, applications, and future direction.. - Aiken
3   Set based analysis and arithmetic (context) - Heintze
2   The Frame Pointer Overwrite (context) - Magazine - 1999
2   The poisoned NUL byte (context) - Kirch - 1998
2   strlcpy and strlcat---Consistent, Safe, String Copy and Conc.. (context) - Miller, de Raadt
2   STAN: A static analyzer for CLP(R) based on abstract interpr.. - Handjieva
2   Incomplete list of Unix vulnerabilities (context) - Helmer



The graph only includes citing articles where the year of publication is known.

Documents on the same site (http://HTTP.CS.Berkeley.EDU/~jfoster/):   More
Checking Programmer-Specified Non-Aliasing - Foster, Aiken (2001)   (Correct)
Flow-Sensitive Type Qualifiers - Foster, Terauchi, Aiken (2002)   (Correct)
Flow-Sensitive Type Qualifiers - Foster, Terauchi, Aiken (2002)   (Correct)

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC