Improving Computer Security Using Extended Static Checking

  • Authors:
  • Brian Chess

  • Affiliations:
  • -

  • Venue:
  • SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
  • Year:
  • 2002

Quantified Score

Hi-index 0.00

Visualization

Abstract

We describe a method for finding security flaws in source code by wayof static analysis.The method is notable because it allows a user tospecify a wide range of security properties while also leveraging aset of predefined common flaws.It works by using an automatedtheorem prover to analyze verification conditions generated from Csource code and a set of specifications that define securityproperties.We demonstrate that the method can be used to identifyreal vulnerabilities in real programs.