A First Step towards Automated Detection of Buffer Overrun Vulnerabilities

A First Step towards Automated Detection of Buffer Overrun Vulnerabilities (2000)

Cached

Download Links

Other Repositories/Bibliography

DBLP

by David Wagner , Jeffrey S. Foster , Eric A. Brewer , Alexander Aiken

Venue:	IN NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM
Citations:	385 - 9 self

BibTeX

@INPROCEEDINGS{Wagner00afirst,
    author = {David Wagner and Jeffrey S. Foster and Eric A. Brewer and Alexander Aiken},
    title = {A First Step towards Automated Detection of Buffer Overrun Vulnerabilities},
    booktitle = {IN NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM},
    year = {2000},
    pages = {3--17},
    publisher = {}
}

OpenURL

Abstract

We describe a new technique for finding potential buffer overrun vulnerabilities in security-critical C code. The key to success is to use static analysis: we formulate detection of buffer overruns as an integer range analysis problem. One major advantage of static analysis is that security bugs can be eliminated before code is deployed. We have implemented our design and used our prototype to find new remotely-exploitable vulnerabilities in a large, widely deployed software package. An earlier hand audit missed these bugs.

Keyphrases

first step towards automated detection buffer overrun vulnerability static analysis new technique integer range analysis problem new remotely-exploitable vulnerability hand audit buffer overrun software package major advantage potential buffer overrun vulnerability security bug security-critical code