Results 1 - 10 of 1,441
Dynamic vs. static flow-sensitive security analysis
, 2010
"... This paper seeks to answer fundamental questions about trade-offs between static and dynamic security analysis. It has been previously shown that flow-sensitive static information-flow analysis is a natural generalization of flow-insensitive static analysis, which allows accepting more secure program ..."
Cited by 63 (14 self)
Intrusion Detection via Static Analysis
, 2001
"... One of the primary challenges in intrusion detection is modelling typical application behavior, so that we can recognize attacks by their atypical effects without raising too many false alarms. We show how static analysis may be used to automatically derive a model of application behavior. The resul ..."
Cited by 352 (1 self)
The Determinants of Credit Spread Changes.
- Journal of Finance
, 2001
"... Using dealer's quotes and transactions prices on straight industrial bonds, we investigate the determinants of credit spread changes. Variables that should in theory determine credit spread changes have rather limited explanatory power. Further, the residuals from this regression are ..."
Cited by 422 (2 self)
are highly cross-correlated, and principal components analysis implies they are mostly driven by a single common factor. Although we consider several macro-economic and financial variables as candidate proxies, we cannot explain this common systematic component. Our results suggest that monthly credit spread
A First Step towards Automated Detection of Buffer Overrun Vulnerabilities
- IN NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM
, 2000
"... We describe a new technique for finding potential buffer overrun vulnerabilities in security-critical C code. The key to success is to use static analysis: we formulate detection of buffer overruns as an integer range analysis problem. One major advantage of static analysis is that security bugs can ..."
Cited by 394 (9 self)
Flow-Sensitive Type Analysis for C++
- RESEARCH REPORT RC 20267, IBM T. J. WATSON RESEARCH CENTER
, 1995
"... Static determination of run-time types is a key analysis step for compile-time optimizations of object-oriented languages with dynamic dispatch of functions. Type information is fundamental for determining the virtual functions that can be invoked and enables a number of interprocedural analyses and ..."
Cited by 21 (0 self)
. In this paper, we show how an existing flow-sensitive pointer alias analysis that uses a compact representation can be adapted to provide a type analysis algorithm which computes type information in a lazy fashion, thereby incurring minimal additional overhead. We show that use of the type information as soon
Flow-sensitive static optimizations for runtime monitors.
, 2007
"... Runtime monitoring enables developers to specify code that executes whenever certain sequences of events occur during program execution. Tracematches, a Java language extension, permit developers to specify and execute runtime monitors. Tracematches consist of regular expressions over even ..."
Cited by 4 (1 self)
well in most cases, more difficult cases with large overheads remained. In this paper, we propose three novel intraprocedural optimizations with the goal of eliminating the overhead from runtime monitors. Our optimizations rely on flow-sensitivity and precise local may-alias and must-alias information
Position paper: Static flow-sensitive & context-sensitive information-flow analysis for software product lines
- Workshop on Programming Languages and Analysis for Security (PLAS 2012)
, 2012
"... A software product line encodes a potentially large variety of software products as variants of some common code base, e.g., through the use of #ifdef statements or other forms of conditional compilation. Traditional information-flow analyses cannot cope with such constructs. Hence, to check for po ..."
Cited by 6 (3 self)
for possibly insecure information flow in a product line, one currently has to analyze each resulting product separately, of which there may be thousands, making this task intractable. We report about ongoing work that will instead enable users to check the security of information flows in entire software
Structural and Flow-Sensitive Types for Whiley
, 2011
"... Modern statically typed languages require variables to be declared with a single static type, and that subtyping relationships between user-defined types be made explicit. This contrasts with dynamically typed languages, where variables are declared implicitly, can hold values of different types at ..."
Cited by 2 (1 self)
at different points and have no restrictions on flow (leading to ad-hoc and implicit subtyping). We present the flow-sensitive and structural type system used in the Whiley language. This permits variables to be declared implicitly, have multiple types within a function, and be retyped after runtime type tests
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
- IN 2006 IEEE SYMPOSIUM ON SECURITY AND PRIVACY
, 2006
"... The number and the importance of Web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated so ..."
Cited by 212 (23 self)
solutions has become evident. In this paper, we address the problem of vulnerable Web applications by means of static source code analysis. More precisely, we use flow-sensitive, interprocedural and context-sensitive data flow analysis to discover vulnerable points in a program. In addition, alias
Flow-sensitive pointer analysis for millions of lines of code
- In Code Generation and Optimization (CGO), 2011 9th Annual IEEE/ACM International Symposium on
, 2011
"... Many program analyses benefit, both in precision and performance, from precise pointer analysis. An important dimension of pointer analysis precision is flow-sensitivity, which has been shown to be useful for applications such as program verification and static analysis of binary code, amon ..."
Cited by 21 (0 self)