We describe ITS4, a tool for statically scanning C and C++ source code for security vulnerabilities. Compared to other approaches, our scanning technique stakes out a new middle ground between accuracy and efficiency. This method is efficient enough to offer real-time feedback to developers during coding while producing few false negatives. Unlike other techniques, our method is also simple enough to scan C++ code despite the complexities inherent in the language. Using ITS4, we found new remotely exploitable vulnerabilities in a widely distributed software package as well as in a major piece of e-commerce software.

We also describe functionality in more recent tools modeled after ITS4, and discuss algorithms that could easily be used to augment these kinds of tools. Particularly, we describe a solution we have prototyped that allows for more rigorous analysis of C and C++ source code, without failing to analyze parts of the program due to preprocessor conditionals.