
Buffer Overrun Detection Using Linear Programming and Static Analysis (2003)  (4 citations)
Vinod Ganapathy, Somesh Jha, David Chandler, David Melski, David Vitek



View or download:
wisc.edu/techreports/rep...tr1488.ps.Z

From:  wisc.edu/wisa/papers/index

Abstract: This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a scalable analysis based on modeling C string manipulations as a linear program. We also present fast, scalable solvers based on linear programming, and demonstrate how to make the analysis context sensitive. Based on these techniques, we built a prototype and used it to identify several vulnerabilities in popular security critical applications.

Cited by:
An Efficient and Backwards-Compatible Transformation to.. - Xu, DuVarney, Sekar (2004)
Using Execution Transactions To Recover From Buffer.. - Stelios Sidiroglou.. (2004)
Buffer Overrun Detection using Linear Programming and Static Analysis - Vinod

Active bibliography (related documents):
0.5:   Static Single Information from a Functional Perspective - Singer
0.5:   Perceptual Completion of Occluded Surfaces - Williams (1994)
0.3:   A Practical Dynamic Buffer Overflow Detector - Olatunji Ruwase Transmeta (2004)

Similar documents based on text:
0.2:   DBAI Publication List 2001 - TU-Wien (2001)
0.2:   Progress on the State Explosion Problem in Model Checking - Clarke, Grumberg, Jha, Lu, .. (2000)
0.2:   Efficient Type Matching - Jha, Palsberg, Zhao (2002)

Related documents from co-citation:
4:   CSSV: Towards a realistic tool for statically detecting all buffer overflows in .. - Dor, Rodeh et al. - 2003
3:   Cyclone: A safe dialect of c - Jim, Morrisett et al. - 2002
3:   Protecting from stack-smashing attacks - Etoh, Yoda - 2000

BibTeX entry:

V. Ganapathy, S. Jha, D. Chandler, D. Melski, and D. Vitek. Buffer overrun detection using linear programming and static analysis. 2003. http://citeseer.ist.psu.edu/ganapathy03buffer.html

@misc{ ganapathy03buffer,
  author = "V. Ganapathy and S. Jha and D. Chandler and D. Melski and D. Vitek",
  title = "Buffer overrun detection using linear programming and static analysis",
  text = "V. Ganapathy, S. Jha, D. Chandler, D. Melski, and D. Vitek. Buffer overrun
    detection using linear programming and static analysis. 2003.",
  year = "2003",
  url = "citeseer.ist.psu.edu/ganapathy03buffer.html" }

Documents on the same site (http://www.cs.wisc.edu/wisa/papers/index.html):
Efficient Context-Sensitive Intrusion Detection - Giffin, Jha, Miller (2004)
Analyzing Memory Accesses in x86 Executables - Balakrishnan, Reps (2004)
Buffer Overrun Detection using Linear Programming and Static Analysis - Vinod
