The undecidability of aliasing
ACM Transactions on Programming Languages and Systems (TOPLAS)
LCLint: a tool for using specifications to check code
SIGSOFT '94 Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering
Static detection of dynamic memory errors
PLDI '96 Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation
Dynamically discovering likely program invariants to support program evolution
Proceedings of the 21st international conference on Software engineering
Linux Journal
Programming Perl
ITS4: A static vulnerability scanner for C and C++ code
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Policy-directed code safety
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
FormatGuard: automatic protection from printf format string vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Transparent run-time defense against stack smashing attacks
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
AMAST '02 Proceedings of the 9th International Conference on Algebraic Methodology and Software Technology
Web application security assessment by fault injection and behavior monitoring
WWW '03 Proceedings of the 12th international conference on World Wide Web
Tracking pointers with path and context sensitivity for bug detection in C programs
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
MECA: an extensible, expressive system and language for statically checking security properties
Proceedings of the 10th ACM conference on Computer and communications security
Methods for the prevention, detection and removal of software security vulnerabilities
ACM-SE 42 Proceedings of the 42nd annual Southeast regional conference
Correlation exploitation in error ranking
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Testing static analysis tools using exploitable buffer overflows from open source code
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Using build-integrated static checking to preserve correctness invariants
Proceedings of the 11th ACM conference on Computer and communications security
Efficient and effective array bound checking
ACM Transactions on Programming Languages and Systems (TOPLAS)
Towards agile security assurance
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Install-Time Vaccination of Windows Executables to Defend against Stack Smashing Attacks
IEEE Transactions on Dependable and Secure Computing
Non-null references by default in the Java modeling language
SAVCBS '05 Proceedings of the 2005 conference on Specification and verification of component-based systems
Modular checking for buffer overflows in the large
Proceedings of the 28th international conference on Software engineering
Inculcating invariants in introductory courses
Proceedings of the 28th international conference on Software engineering
Condate: a proto-language at the confluence between checking and compiling
Proceedings of the 8th ACM SIGPLAN international conference on Principles and practice of declarative programming
Polymorphism and separation in Hoare type theory
Proceedings of the eleventh ACM SIGPLAN international conference on Functional programming
Secure Bit: Transparent, Hardware Buffer-Overflow Protection
IEEE Transactions on Dependable and Secure Computing
SSVChecker: unifying static security vulnerability detection tools in an Eclipse plug-in
eclipse '06 Proceedings of the 2006 OOPSLA workshop on eclipse technology eXchange
Survey of network-based defense mechanisms countering the DoS and DDoS problems
ACM Computing Surveys (CSUR)
A framework for the static verification of API calls
Journal of Systems and Software
Flashback: a lightweight extension for rollback and deterministic replay for software debugging
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
High coverage detection of input-related security faults
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Non-control-data attacks are realistic threats
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Large-scale analysis of format string vulnerabilities in Debian Linux
Proceedings of the 2007 workshop on Programming languages and analysis for security
The B Method And The Component-Based Approach
Journal of Integrated Design & Process Science
AVal: an extensible attribute-oriented programming validator for Java: Research Articles
Journal of Software Maintenance and Evolution: Research and Practice - Source Code Analysis and Manipulation (SCAM 2006)
/*icomment: bugs or bad comments?*/
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Flow-insensitive static analysis for detecting integer anomalies in programs
SE'07 Proceedings of the 25th conference on IASTED International Multi-Conference: Software Engineering
Detecting buffer overflow via automatic test input data generation
Computers and Operations Research
Towards self-propagate mal-packets in sensor networks
WiSec '08 Proceedings of the first ACM conference on Wireless network security
Hotcomments: how to make program comments more useful?
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
Processor virtualization for secure mobile terminals
ACM Transactions on Design Automation of Electronic Systems (TODAES)
Evaluating the cost reduction of static code analysis for software security
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Parfait: designing a scalable bug checker
Proceedings of the 2008 workshop on Static analysis
The Verified Software Challenge: A Call for a Holistic Approach to Reliability
Verified Software: Theories, Tools, Experiments
Annotation Framework Validation Using Domain Models
ECMDA-FA '08 Proceedings of the 4th European conference on Model Driven Architecture: Foundations and Applications
Vigilante: End-to-end containment of Internet worm epidemics
ACM Transactions on Computer Systems (TOCS)
Efficient and extensible security enforcement using dynamic data flow analysis
Proceedings of the 15th ACM conference on Computer and communications security
FIDES: An advanced chip multiprocessor platform for secure next generation mobile terminals
ACM Transactions on Embedded Computing Systems (TECS)
An empirical security study of the native code in the JDK
SS'08 Proceedings of the 17th conference on Security symposium
Dynamic security domain scaling on embedded symmetric multiprocessors
ACM Transactions on Design Automation of Electronic Systems (TODAES)
Detection of Security Vulnerabilities Using Guided Model Checking
ICLP '08 Proceedings of the 24th International Conference on Logic Programming
Self-healing control flow protection in sensor applications
Proceedings of the second ACM conference on Wireless network security
Hoare type theory, polymorphism and separation
Journal of Functional Programming
BegBunch: benchmarking for C bug detection tools
Proceedings of the 2nd International Workshop on Defects in Large Software Systems: Held in conjunction with the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2009)
Source Code Verification Tools for Software Security Bugs
Proceedings of the 2006 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the fifth SoMeT_06
Empirical Software Engineering
The life and death of statically detected vulnerabilities: An empirical study
Information and Software Technology
Formal methods: Practice and experience
ACM Computing Surveys (CSUR)
Improving application security with data flow assertions
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Comparative study of partitioning methods for program testing
SEA '07 Proceedings of the 11th IASTED International Conference on Software Engineering and Applications
Filtering false alarms of buffer overflow analysis using SMT solvers
Information and Software Technology
UnitCheck: Unit Testing and Model Checking Combined
ATVA '09 Proceedings of the 7th International Symposium on Automated Technology for Verification and Analysis
FM '09 Proceedings of the 2nd World Congress on Formal Methods
Capability wrangling made easy: debugging on a microkernel with valgrind
Proceedings of the 6th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Abstract predicates and mutable ADTs in Hoare type theory
ESOP'07 Proceedings of the 16th European conference on Programming
The verifying compiler: a grand challenge for computing research
CC'03 Proceedings of the 12th international conference on Compiler construction
A realizability model for impredicative Hoare type theory
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
Towards a unified fault-detection benchmark
Proceedings of the 9th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Visual analysis of code security
Proceedings of the Seventh International Symposium on Visualization for Cyber Security
DBTaint: cross-application information flow tracking via databases
WebApps'10 Proceedings of the 2010 USENIX conference on Web application development
Practical and effective symbolic analysis for buffer overflow detection
Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering
A formal nethod (a networked formal method)
Innovations in Systems and Software Engineering
Formal Methods in System Design
Addressing software application security issues
ICCOMP'06 Proceedings of the 10th WSEAS international conference on Computers
aComment: mining annotations from comments and code to detect interrupt related concurrency bugs
Proceedings of the 33rd International Conference on Software Engineering
JSquash: source code analysis of embedded database applications for determining SQL statements
INAP'09 Proceedings of the 18th international conference on Applications of declarative programming and knowledge management
Static deep error checking in large system applications using parfait
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Using static analysis tools to detect and correct non-compliant cryptography
ACM SIGSOFT Software Engineering Notes
A framework for analyzing programs written in proprietary languages
Proceedings of the ACM international conference companion on Object oriented programming systems languages and applications companion
Transparent run-time prevention of format-string attacks via dynamic taint and flexible validation
ISC'06 Proceedings of the 9th international conference on Information Security
Return address randomization scheme for annuling data-injection buffer overflow attacks
Inscrypt'06 Proceedings of the Second SKLOIS conference on Information Security and Cryptology
Static analysis of string manipulations in critical embedded C programs
SAS'06 Proceedings of the 13th international conference on Static Analysis
Detecting memory access errors with flow-sensitive conditional range analysis
ICESS'05 Proceedings of the Second international conference on Embedded Software and Systems
Using annotations to check structural properties of classes
FASE'05 Proceedings of the 8th international conference, held as part of the joint European Conference on Theory and Practice of Software conference on Fundamental Approaches to Software Engineering
Model-Driven engineering of machine executable code
ECMFA'10 Proceedings of the 6th European conference on Modelling Foundations and Applications
An extensible open-source compiler infrastructure for testing
HVC'05 Proceedings of the First Haifa international conference on Hardware and Software Verification and Testing
DroidChecker: analyzing android applications for capability leak
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
Towards an open framework for c verification tools benchmarking
PSI'11 Proceedings of the 8th international conference on Perspectives of System Informatics
SSMalloc: a low-latency, locality-conscious memory allocator with stable performance scalability
Proceedings of the Asia-Pacific Workshop on Systems
Using linux device drivers for static verification tools benchmarking
Programming and Computing Software
SSMalloc: a low-latency, locality-conscious memory allocator with stable performance scalability
APSys'12 Proceedings of the Third ACM SIGOPS Asia-Pacific conference on Systems
Detection of runtime errors in MISRA C programs: a deductive approach
SAFECOMP'07 Proceedings of the 26th international conference on Computer Safety, Reliability, and Security
Non-null references by default in java: alleviating the nullity annotation burden
ECOOP'07 Proceedings of the 21st European conference on Object-Oriented Programming
Inferring Effective Types for Static Analysis of C Programs
Electronic Notes in Theoretical Computer Science (ENTCS)
Detecting control flow in smartphones: combining static and dynamic analyses
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
Chucky: exposing missing checks in source code for vulnerability discovery
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Proceedings of the 23rd international conference on World wide web
Most security attacks exploit instances of well-known classes of implementation flaws. Developers could detect and eliminate many of these flaws before deploying the software, yet these problems persist with disturbing frequency, not because the security community doesn't sufficiently understand them but because techniques for preventing them have not been integrated into the software development process. This article describes an extensible tool that uses lightweight static analysis to detect common security vulnerabilities (including buffer overflows and format string vulnerabilities).