CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
ARCHER: using symbolic, path-sensitive analysis to detect memory access errors
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Security in embedded systems: Design challenges
ACM Transactions on Embedded Computing Systems (TECS)
Static program analysis of embedded executable assembly code
Proceedings of the 2004 international conference on Compilers, architecture, and synthesis for embedded systems
IEEE Security and Privacy
Modular checking for buffer overflows in the large
Proceedings of the 28th international conference on Software engineering
Static analysis of executables to detect malicious patterns
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Flow-insensitive static analysis for detecting integer anomalies in programs
SE'07 Proceedings of the 25th conference on IASTED International Multi-Conference: Software Engineering
Beyond bug-finding: sound program analysis for Linux
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
Portably solving file TOCTTOU races with hardness amplification
FAST'08 Proceedings of the 6th USENIX Conference on File and Storage Technologies
Synthesising verified access control systems through model checking
Journal of Computer Security
Portably solving file races with hardness amplification
ACM Transactions on Storage (TOS)
HSP: A solution against heap sprays
Journal of Systems and Software
Reverse engineering for mobile systems forensics with Ares
Proceedings of the 2010 ACM workshop on Insider threats
Static analysis of string manipulations in critical embedded c programs
SAS'06 Proceedings of the 13th international conference on Static Analysis
Framework for safe reuse of software binaries
ICDCIT'04 Proceedings of the First international conference on Distributed Computing and Internet Technology
Protecting applications against TOCTTOU races by user-space caching of file metadata
VEE '12 Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments
Evaluating access control policies through model checking
ISC'05 Proceedings of the 8th international conference on Information Security
Idea: towards architecture-centric security analysis of software
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
STING: finding name resolution vulnerabilities in programs
Security'12 Proceedings of the 21st USENIX conference on Security symposium
An historical examination of open source releases and their vulnerabilities
Proceedings of the 2012 ACM conference on Computer and communications security
Reducing the barriers to writing verified specifications
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
ARMORY: An automatic security testing tool for buffer overflow defect detection
Computers and Electrical Engineering
| Hi-index | 0.00 |
We describe a method for finding security flaws in source code by wayof static analysis.The method is notable because it allows a user tospecify a wide range of security properties while also leveraging aset of predefined common flaws.It works by using an automatedtheorem prover to analyze verification conditions generated from Csource code and a set of specifications that define securityproperties.We demonstrate that the method can be used to identifyreal vulnerabilities in real programs.