Static Analysis Vinod Ganapathy, Somesh Jha University of Wisconsin-Madison...  Home/Search
Context
Related
| wisc.edu/wisa/paper...p351ganapathy.ps Cached: PS.gz PS PDF This document uses CoBlitz to cache paper downloads. If your firewall is blocking outgoing connections to port 3125, you can use these links to download local copies.
Image Update HelpPS.gz PS PDF From: wisc.edu/wisa/papers/index (more) (Enter author homepages) |
Rate this article:      (best)Comment on this article |
Abstract: This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as a linear program. We also present fast, scalable solvers based on linear programming, and demonstrate techniques to make the program analysis context sensitive. Based on these techniques, we built a prototype and used it to identify several vulnerabilities in popular security critical applications. (Update)
Active bibliography (related documents): More All
1.2: Buffer Overrun Detection Using Linear Programming.. - Ganapathy, Jha.. (2003) (Correct)
0.6: An Efficient and Backwards-Compatible Transformation to.. - Xu, DuVarney, Sekar (2004) (Correct)
0.3: Minos: Control Data Attack Prevention Orthogonal to Memory Model - Crandall, Chong (2004) (Correct)
Similar documents based on text: More All
0.2: DBAI Publication List 2001 - TU-Wien (2001) (Correct)
0.2: A First Step Towards Automated Detection of Buffer.. - Wagner, Foster.. (2000) (Correct)
0.2: Efficient Type Matching - Jha, Palsberg, Zhao (2002) (Correct)
BibTeX entry: (Update)
@misc{ vinod-buffer,
author = "Static Analysis Vinod",
title = "Buffer Overrun Detection using Linear Programming and",
url = "citeseer.ist.psu.edu/654181.html" }
Citations (may not include all citations):3972 Introduction to Algorithms (context) - Cormen, Lieserson et al. - 2001
415 Efficiently computing static single assignment form and the .. - Cytron, Ferrante et al. - 1991
390 Interprocedural slicing using dependence graphs - Horwitz, Reps et al. - 1990
232 Program Analysis and Specialization for the C Programming La.. (context) - Andersen - 1994
87 Fourier-Motzkin elimination and its dual (context) - Dantzig, Eaves - 1973
43 ABCD: Eliminating array-bounds checks on demand - Bodik, Gupta et al. - 2000
15 CCured in the Real World - Condit, Harren et al. - 2003
14 RAD: A compile-time solution to buffer overflow attacks - Chiueh, Hsu - 2001
13 CSSV: Towards a realistic tool for statically detecting all .. - Dor, Rodeh et al. - 2003
11 Automatic detection and prevention of buffer overflow attack.. (context) - Cowan, Beattie et al. - 1998
11 Protecting from stack-smashing attacks (context) - Etoh, Yoda - 2000
5 Presolving in linear programming (context) - Anderson, Anderson - 1995
4 Buffer overrun detection using linear programming and static.. - Ganapathy, Jha et al. - 2003
3 PointGuard TM : Protecting pointers from buffer overflow vul.. (context) - Cowan, Beattie et al. - 2003
2 Locating minimal infeasible constraint sets in linear progra.. (context) - Chinnek, Dravinieks - 1991
1 Speeding up (context) - Horwitz, Reps et al.
www.securityfocus.com
www.securityfocus.com/archive/1/313757
www.sans.org/top20
www.cert.org/advisories
Documents on the same site (http://www.cs.wisc.edu/wisa/papers/index.html): More
Efficient Context-Sensitive Intrusion Detection - Giffin, Jha, Miller (2004) (Correct)
Analyzing Memory Accesses in x86 Executables - Balakrishnan, Reps (2004) (Correct)
Buffer Overrun Detection Using Linear Programming.. - Ganapathy, Jha.. (2003) (Correct)
Online articles have much greater impact More about CiteSeer.IST Add search form to your site Submit documents Feedback
CiteSeer.IST - Copyright Penn State and NEC