Analysis of pointers and structures
PLDI '90 Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation
Programming from specifications
Programming from specifications
An efficient hybrid algorithm for incremental data flow analysis
POPL '90 Proceedings of the 17th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The C programming language
Interprocedural aliasing in the presence of pointers
Interprocedural aliasing in the presence of pointers
Interprocedural may-alias analysis for pointers: beyond k-limiting
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Efficient detection of all pointer and array access errors
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Elimination of redundant array subscript range checks
PLDI '95 Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation
Points-to analysis in almost linear time
POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Verification of Real-Time Systems using Linear Relation Analysis
Formal Methods in System Design - Special issue on computer aided verification (CAV 93)
Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Unification-based pointer analysis with directional assignments
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Symbolic bounds analysis of pointers, array indices, and accessed memory regions
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
ABCD: eliminating array bounds checks on demand
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
On the importance of points-to analysis and other memory disambiguation methods for C programs
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Ultra-fast aliasing analysis using CLA: a million lines of C code in a second
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
A schema for interprocedural modification side-effect analysis with pointer aliasing
ACM Transactions on Programming Languages and Systems (TOPLAS)
Automatic discovery of linear restraints among variables of a program
POPL '78 Proceedings of the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
A Discipline of Programming
A precise inter-procedural data flow algorithm
POPL '81 Proceedings of the 8th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Debugging via Run-Time Type Checking
FASE '01 Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering
AMAST '02 Proceedings of the 9th International Conference on Algebraic Methodology and Software Technology
Improving Computer Security Using Extended Static Checking
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
ARCHER: using symbolic, path-sensitive analysis to detect memory access errors
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Buffer overrun detection using linear programming and static analysis
Proceedings of the 10th ACM conference on Computer and communications security
Online Cycle Detection and Difference Propagation: Applications to Pointer Analysis
Software Quality Control
An efficient and backwards-compatible transformation to ensure memory safety of C programs
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Memory safety without garbage collection for embedded applications
ACM Transactions on Embedded Computing Systems (TECS)
Randomized instruction set emulation
ACM Transactions on Information and System Security (TISSEC)
Using instruction block signatures to counter code injection attacks
ACM SIGARCH Computer Architecture News - Special issue: Workshop on architectural support for security and anti-virus (WASSA)
TraceBack: first fault diagnosis by reconstruction of distributed control flow
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Hardware support for code integrity in embedded processors
Proceedings of the 2005 international conference on Compilers, architectures and synthesis for embedded systems
A similarity-aware approach to testing based fault localization
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
String analysis for x86 binaries
PASTE '05 Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Install-Time Vaccination of Windows Executables to Defend against Stack Smashing Attacks
IEEE Transactions on Dependable and Secure Computing
SAFECode: enforcing alias analysis for weakly typed languages
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Backwards-compatible array bounds checking for C with very low overhead
Proceedings of the 28th international conference on Software engineering
Modular checking for buffer overflows in the large
Proceedings of the 28th international conference on Software engineering
Inference and enforcement of data structure consistency specifications
Proceedings of the 2006 international symposium on Software testing and analysis
SmashGuard: A Hardware Solution to Prevent Security Attacks on the Function Return Address
IEEE Transactions on Computers
Architectural support for safe software execution on embedded processors
CODES+ISSS '06 Proceedings of the 4th international conference on Hardware/software codesign and system synthesis
The octahedron abstract domain
Science of Computer Programming
Enhancing server availability and security through failure-oblivious computing
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
TIED, LibsafePlus: tools for runtime buffer overflow protection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Ensuring secure program execution in multiprocessor embedded systems: a case study
CODES+ISSS '07 Proceedings of the 5th IEEE/ACM international conference on Hardware/software codesign and system synthesis
Efficient field-sensitive pointer analysis of C
ACM Transactions on Programming Languages and Systems (TOPLAS)
Directed test generation using symbolic grammars
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Effective memory protection using dynamic tainting
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
A practical and precise inference and specializer for array bound checks elimination
PEPM '08 Proceedings of the 2008 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Beyond bug-finding: sound program analysis for Linux
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
DMTracker: finding bugs in large-scale parallel programs by detecting anomaly in data movements
Proceedings of the 2007 ACM/IEEE conference on Supercomputing
An efficient runtime instruction block verification for secure embedded systems
Journal of Embedded Computing - Embeded Processors and Systems: Architectural Issues and Solutions for Emerging Applications
On similarity-awareness in testing-based fault localization
Automated Software Engineering
Testing for buffer overflows with length abstraction
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
SHIELD: a software hardware design methodology for security and reliability of MPSoCs
Proceedings of the 45th annual Design Automation Conference
Efficient SAT-based bounded model checking for software verification
Theoretical Computer Science
Pointer Analysis, Conditional Soundness, and Proving the Absence of Errors
SAS '08 Proceedings of the 15th international symposium on Static Analysis
Inferring Min and Max Invariants Using Max-Plus Polyhedra
SAS '08 Proceedings of the 15th international symposium on Static Analysis
Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications
LOCS: a low overhead profiler-driven design flow for security of MPSoCs
CODES+ISSS '08 Proceedings of the 6th IEEE/ACM/IFIP international conference on Hardware/Software codesign and system synthesis
Loop Summarization Using Abstract Transformers
ATVA '08 Proceedings of the 6th International Symposium on Automated Technology for Verification and Analysis
SPEED: precise and efficient static estimation of program computational complexity
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A combination framework for tracking partition sizes
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Compositional shape analysis by means of bi-abduction
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Security benchmarking using partial verification
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Symbolic String Verification: Combining String Analysis and Size Analysis
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
SoftBound: highly compatible and complete spatial memory safety for c
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Hardware-assisted run-time monitoring for secure program execution on embedded processors
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Loop-extended symbolic execution on binary programs
Proceedings of the eighteenth international symposium on Software testing and analysis
A Lightweight Buffer Overflow Protection Mechanism with Failure-Oblivious Capability
ICA3PP '09 Proceedings of the 9th International Conference on Algorithms and Architectures for Parallel Processing
Augmenting Counterexample-Guided Abstraction Refinement with Proof Templates
ASE '08 Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering
PtYasm: Software Model Checking with Proof Templates
ASE '08 Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering
Filtering false alarms of buffer overflow analysis using SMT solvers
Information and Software Technology
WYSINWYX: What you see is not what you eXecute
ACM Transactions on Programming Languages and Systems (TOPLAS)
Cartesian factoring of polyhedra in linear relation analysis
SAS'03 Proceedings of the 10th international conference on Static analysis
Low-level library analysis and summarization
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Sufficient preconditions for modular assertion checking
VMCAI'08 Proceedings of the 9th international conference on Verification, model checking, and abstract interpretation
Pentagons: A weakly relational abstract domain for the efficient validation of array accesses
Science of Computer Programming
SUDS: an infrastructure for creating dynamic software defect detection tools
Automated Software Engineering
End-to-end data integrity for file systems: a ZFS case study
FAST'10 Proceedings of the 8th USENIX conference on File and storage technologies
Hierarchical multi-agent protection system for NoC based MPSoCs
Proceedings of the International Workshop on Security and Dependability for Resource Constrained Embedded Systems
Enhancing network-on-chip components to support security of processing elements
WESS '10 Proceedings of the 5th Workshop on Embedded Systems Security
Architectural support for low overhead detection of memory violations
Proceedings of the Conference on Design, Automation and Test in Europe
CUFFS: an instruction count based architectural framework for security of MPSoCs
Proceedings of the Conference on Design, Automation and Test in Europe
Statically inferring complex heap, array, and numeric invariants
SAS'10 Proceedings of the 17th international conference on Static analysis
Points-to analysis as a system of linear equations
SAS'10 Proceedings of the 17th international conference on Static analysis
Taxonomy and classification of automatic monitoring of program security vulnerability exploitations
Journal of Systems and Software
Cruiser: concurrent heap buffer overflow monitoring using lock-free data structures
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
String abstractions for string verification
Proceedings of the 18th international SPIN conference on Model checking software
Compositional Shape Analysis by Means of Bi-Abduction
Journal of the ACM (JACM)
Unleashing the power of static analysis
SAS'06 Proceedings of the 13th international conference on Static Analysis
Static analysis in disjunctive numerical domains
SAS'06 Proceedings of the 13th international conference on Static Analysis
Static analysis of string manipulations in critical embedded c programs
SAS'06 Proceedings of the 13th international conference on Static Analysis
Beyond reachability: shape abstraction in the presence of pointer arithmetic
SAS'06 Proceedings of the 13th international conference on Static Analysis
Abstract dependences for alarm diagnosis
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
Detecting memory access errors with flow-sensitive conditional range analysis
ICESS'05 Proceedings of the Second international conference on Embedded Software and Systems
An analysis of permutations in arrays
VMCAI'10 Proceedings of the 11th international conference on Verification, Model Checking, and Abstract Interpretation
SWIPE: eager erasure of sensitive data in large scale systems software
Proceedings of the second ACM conference on Data and Application Security and Privacy
Efficient strongly relational polyhedral analysis
VMCAI'06 Proceedings of the 7th international conference on Verification, Model Checking, and Abstract Interpretation
Taming false alarms from a domain-unaware c analyzer by a bayesian statistical post analysis
SAS'05 Proceedings of the 12th international conference on Static Analysis
Understanding the origin of alarms in ASTRÉE
SAS'05 Proceedings of the 12th international conference on Static Analysis
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
DC2: A framework for scalable, scope-bounded software verification
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Modeling and analyzing the interaction of C and C++ strings
FoVeOOS'11 Proceedings of the 2011 international conference on Formal Verification of Object-Oriented Software
Taming the wrapping of integer arithmetic
SAS'07 Proceedings of the 14th international conference on Static Analysis
Program analysis using symbolic ranges
SAS'07 Proceedings of the 14th international conference on Static Analysis
Arithmetic strengthening for shape analysis
SAS'07 Proceedings of the 14th international conference on Static Analysis
Loop summarization using state and transition invariants
Formal Methods in System Design
| Hi-index | 0.01 |
Erroneous string manipulations are a major source of software defects in C programs yielding vulnerabilities which are exploited by software viruses. We present C String Static Verifyer (CSSV), a tool that statically uncovers all string manipulation errors. Being a conservative tool, it reports all such errors at the expense of sometimes generating false alarms. Fortunately, only a small number of false alarms are reported, thereby proving that statically reducing software vulnerability is achievable. CSSV handles large programs by analyzing each procedure separately. To this end procedure contracts are allowed which are verified by the tool.We implemented a CSSV prototype and used it to verify the absence of errors in real code from EADS Airbus. When applied to another commonly used string intensive application, CSSV uncovered real bugs with very few false alarms.