Static detection of dynamic memory errors
PLDI '96 Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation
Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
Using Programmer-Written Compiler Extensions to Catch Security Holes
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Type qualifiers: lightweight specifications to improve software quality
Type qualifiers: lightweight specifications to improve software quality
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Finding user/kernel pointer bugs with type inference
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
IntPatch: automatically fix integer-overflow-to-buffer-overflow vulnerability at compile-time
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
An 'explicit type enforcement' program transformation tool for preventing integer vulnerabiliites
Proceedings of the ACM international conference companion on Object oriented programming systems languages and applications companion
Improving integer security for systems with KINT
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Program transformations to fix C integers
Proceedings of the 2013 International Conference on Software Engineering
Sound input filter generation for integer overflow errors
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Using type analysis in compiler to mitigate integer-overflow-to-buffer-overflow threat
Journal of Computer Security - ESORICS 2010
Hi-index | 0.00 |
Incomplete or improper input validation is one of the major sources of security bugs in programs. While traditional approaches often focus on detecting string related buffer overflow vulnerabilities, we present an approach to automatically detect potential integer misuse, such as integer overflows in C programs. Our tool is based on CQual, a static analysis tool using type theory. Our techniques have been implemented and tested on several widely used open source applications. Using the tool, we found known and unknown integer related vulnerabilities in these applications