An empirical study of the reliability of UNIX utilities
Communications of the ACM
A CLP language handling disjunctions of linear constraints
ICLP'93 Proceedings of the tenth international conference on logic programming on Logic programming
Context-sensitive interprocedural points-to analysis in the presence of function pointers
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Points-to analysis in almost linear time
POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Automatic discovery of linear restraints among variables of a program
POPL '78 Proceedings of the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
A New Numerical Abstract Domain Based on Difference-Bound Matrices
PADO '01 Proceedings of the Second Symposium on Programs as Data Objects
Static Analysis of Mega-Programs
SAS '99 Proceedings of the 6th International Symposium on Static Analysis
Cleanness Checking of String Manipulations in C Programs via Integer Analysis
SAS '01 Proceedings of the 8th International Symposium on Static Analysis
ITS4: A static vulnerability scanner for C and C++ code
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Transparent run-time defense against stack smashing attacks
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
ASTLOG: a language for examining abstract syntax trees
DSL'97 Proceedings of the Conference on Domain-Specific Languages on Conference on Domain-Specific Languages (DSL), 1997
strlcpy and strlcat: consistent, safe, string copy and concatenation
ATEC '99 Proceedings of the annual conference on USENIX Annual Technical Conference
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Splitting the Control Flow with Boolean Flags
SAS '08 Proceedings of the 15th international symposium on Static Analysis
Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications
Speeding up Polyhedral Analysis by Identifying Common Constraints
Electronic Notes in Theoretical Computer Science (ENTCS)
The two variable per inequality abstract domain
Higher-Order and Symbolic Computation
Static analysis of string manipulations in critical embedded c programs
SAS'06 Proceedings of the 13th international conference on Static Analysis
Cryptographic protocol analysis on real c code
VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
A generic framework for interprocedural analysis of numerical properties
SAS'05 Proceedings of the 12th international conference on Static Analysis
Widening polyhedra with landmarks
APLAS'06 Proceedings of the 4th Asian conference on Programming Languages and Systems
Modeling and analyzing the interaction of C and C++ strings
FoVeOOS'11 Proceedings of the 2011 international conference on Formal Verification of Object-Oriented Software
Taming the wrapping of integer arithmetic
SAS'07 Proceedings of the 14th international conference on Static Analysis
| Hi-index | 0.00 |
A buffer overrun occurs in a C program when input is read into a buffer whose length exceeds that of the buffer. Overruns often lead to crashes and are a widespread form of security vulnerability. This paper describes an analysis for detecting overruns before deployment which is conservative in the sense that it locates every possible buffer overrun. The paper details the subtle relationship between overrun analysis and pointer analysis and explains how buffers can be modeled with a linear number of variables. As far as we know, the paper gives the first formal account of how this software and security problem can be tackled with abstract interpretation, setting it on a firm, mathematical basis.