CSSV: Towards a Realistic Tool for Statically Detecting All Buffer Overflows In C

CSSV: Towards a Realistic Tool for Statically Detecting All Buffer Overflows In C (2000)

Cached

Download Links

[www.cs.tau.ac.il]

Other Repositories/Bibliography

DBLP

by Nurit Dor , Michael Rodeh , Mooly Sagiv

Citations:

100 - 5 self

BibTeX

@MISC{Dor00cssv:towards,
    author = {Nurit Dor and Michael Rodeh and Mooly Sagiv},
    title = {CSSV: Towards a Realistic Tool for Statically Detecting All Buffer Overflows In C},
    year = {2000}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

Erroneous string manipulations are a major source of software defects in C programs yielding vulnerabilities which are exploited by software viruses. We present C String Static Verifyer (CSSV), a tool that statically uncovers all string manipulation errors. Being a conservative tool, it reports all such errors at the expense of sometimes generating false alarms. Fortunately, only a small number of false alarms are reported, thereby proving that statically reducing software vulnerability is achievable. CSSV handles large programs by analyzing each procedure separately. For this, procedures' contracts are allowed which are veri ed by the tool.

Citations

1310	A Discipline of Programming - Dijkstra - 1976
1128	The C Programming Language - Kernighan, Ritchie - 1988
211	Interprocedural may-alias analysis for pointers: beyond k-limiting - Deutsch - 1994
175	Unification-based pointer analysis with directional assignments - Das - 2000
113	V.: ABCD: Eliminating array bounds checks on demand - Bodik, Gupta, et al. - 2000
104	Ultra-fast aliasing analysis using cla: a million lines of C code in a second - Heintze, Tardieu - 2001
103	an annotation assistant for ESC/Java - Houdini - 2001
100	Symbolic bounds analysis for pointers, array indices, and accessed memory re - Rugina, Rinard
91	Verication of real-time systems using linear relation analysis - Halbwachs, Proy, et al. - 1997
78	Fuzz revisited: A re-examination of the reliability of unix utilities and services - Miller, Koski, et al. - 1995
62	Elimination of redundant array subscript range checks - Kolte, Wolfe - 1995
56	Interprocedural aliasing in the presence of pointers - LANDI - 1992
52	Estimating the impact of scalable pointer analysis on optimization - Das, Liblit, et al. - 2001
44	Improving computer security using extended static checking - Chess - 2002
35	Cleanness checking of string manipulations in C programs via integer analysis - Dor, Rodeh, et al.
31	Deriving programs from speci - Morgan - 1990
29	Enhancing the pre- and postcondition technique for more expressive specifications - Leavens, Baker - 1999
23	Automatic discovery of linear constraints among variables of a program - Cousot, Halbwachs - 1978
23	A rst step towards automated detection of bu er overrun vulnerabilities - Wagner, Foster, et al. - 2000
11	An e#cient hybrid algorithm for incremental data flow analysis - Marlowe, Ryder - 1990
10	Ecient computation of parameterized pointer information for interprocedural analyses - Liang, Harrold - 2001
5	Statically detecting likely buer over vulnerabilities - Larochelle, Evans - 2001
5	Interprocedural modi side eect analysis with pointer aliasing - Landi, Ryder, et al. - 1993
1	Statically Detecting All Buer Over in C - Dor - 2003
1	Static Analysis of Linear Properties Invariantly Satis by the Numeric Variables of a program - Halbwachs - 1979
1	New polka library. Available at \http://www.irisa.fr/prive/Bertrand.Jeannet/newpolka.html - Jeannet
1	toolkit. Available at \http://research.microsoft.com/sbt/asttoolkit/ast.asp - Ast - 2002
1	A precise inter-procedural data algorithm - Myers - 1981
1	Analyzing string buers in c - Simon, King - 2000
1	CoreC: A Simpli for C - Yorsh - 2002