
ITS4: A Static Vulnerability Scanner for C and C++ Code (2000)  (4 citations)
John Viega, J.T. Bloch, Tadayoshi Kohno, Gary McGraw
ACM Transactions on Information and System Security



View or download:
cigital.com/papers/download/its4.ps

From: cigital.com/its4

Abstract: We describe ITS4, a tool for statically scanning security-critical C and C++ source code for vulnerabilities. Compared to other techniques, our results indicate that this approach stakes out a new middle ground on accuracy, while being efficient enough to give real-time feedback to a developer during coding. Our technique is also simple enough that it can easily be applied to C++, despite the complexities inherent in the language. We have used our tool to find new remotely exploitable...

Context of citations to this paper:

...reliability and secure IT systems supporting the business needs of many companies. In fact, a source code analysis of MICO with ITS4 [VBKM00] revealed that MICO does not contain very security critical code. As MICO provides only a C language mapping, we decided to show...

...on automatic systems designed to detect errors with minimal or no manual intervention. Such systems include lexical techniques [18], enhanced type systems [17, 20] and compiler based approaches that use finite state machines [9] or model checking [1] All of these...

Cited by:
Using Programmer-Written Compiler Extensions to Catch.. - Ashcraft, Engler (2002)
Separation of Concerns for Security - Viega, Evans (2000)
Detecting Errors with Configurable Whole-program Dataflow.. - Guyer, Berger, Lin (2002)

Similar documents (at the sentence level):
44.5%:   A Static Vulnerability Scanner for C and C++ Code - John Viega Bloch (2000)

Active bibliography (related documents):
0.0:   Implementing the SMS server, or why I switched from Tcl to Python - Stajano (1998)
0.0:   Security Models for Web-Based Applications - Using traditional and .. - Joshi
0.0:   Hash Visualization: a New Technique to improve Real-World.. - Perrig, Song (1999)

Similar documents based on text:
0.6:   Testing for Security During Development: Why we should scrap.. - McGraw (1998)
0.6:   An Approach for Certifying Security in Software Components - Ghosh, McGraw
0.6:   An Automated Approach for Identifying Potential.. - Ghosh, O'Connor, McGraw (1998)

Related documents from co-citation:
2:   Checking system rules using system-specific - Engler, Chelf et al. - 2000
2:   Programming Perl - Larry, Schwartz - 1991
2:   A first step towards automated detection of buffer overrun vulnerabilities - Wagner, Foster et al. - 2000

BibTeX entry:

John Viega, J.T. Bloch, Tadayoshi Kohno, and Gary McGraw. ITS4: A Static Vulnerability Scanner for C and C++ Code. ftp://ftp.rstcorp.com/pub/papers/its4.pdf, 2000. © 2000 Springer-Verlag, Informatik aktuell, http://www.springer.de/comp-de/inf akt/index.html http://citeseer.ist.psu.edu/viega00its.html

@article{ viega02its,
    author = "John Viega and J. T. Bloch and Tadayoshi Kohno and Gary McGraw",
    title = "{ITS4}: {A} Static Vulnerability Scanner for {C} and {C++} Code",
    journal = "ACM Transactions on Information and System Security",
    volume = "5",
    number = "2",
    pages = "??--??",
    year = "2002",
    url = "citeseer.ist.psu.edu/viega00its.html" }
Citations (may not include all citations):
866   Techniques and Tools - Aho, Sethi et al. - 1986
141   Stackguard: Automatic adaptive detection and prevention of b.. - Cowan - 1998
73   A safe approximation algorithm for interprocedural pointer a.. - Landi, Ryder
63   Lclint: A tool for using specifications to check code - Evans, Guttag et al. - 1994
52   Checking for race conditions in file accesses - Bishop, Dilger - 1996
13   O'Reilly and Associates - Garfinkel, Spafford et al. - 1996
2   How we learned to cheat at online poker: A study in software.. - Arkin, Hill et al. - 1999
2   Writing safe setuid programs - Bishop - 1998
2   Randomness and the netscape browser: How secure is the world.. - Goldberg, Wagner - 1996
http://www.notatla.demon.co.uk/SOFTWARE
http://www.ipay.com


CiteSeer.IST - Copyright Penn State and NEC