The C programming language
Interprocedural may-alias analysis for pointers: beyond k-limiting
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
On the complexity of escape analysis
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
ARCHER: using symbolic, path-sensitive analysis to detect memory access errors
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Backwards-compatible array bounds checking for C with very low overhead
Proceedings of the 28th international conference on Software engineering
Modular checking for buffer overflows in the large
Proceedings of the 28th international conference on Software engineering
Evaluating static analysis defect warnings on production software
PASTE '07 Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Refining buffer overflow detection via demand-driven path-sensitive analysis
PASTE '07 Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Large-scale analysis of format string vulnerabilities in Debian Linux
Proceedings of the 2007 workshop on Programming languages and analysis for security
A buffer overflow benchmark for software model checkers
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
DSD-Crasher: A hybrid analysis tool for bug finding
ACM Transactions on Software Engineering and Methodology (TOSEM)
Detecting buffer overflow via automatic test input data generation
Computers and Operations Research
Evaluation of static source code analyzers for avionics software development
ACM SIGAda Ada Letters
Testing for buffer overflows with length abstraction
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Parfait: designing a scalable bug checker
Proceedings of the 2008 workshop on Static analysis
Integrating web application security into the IT curriculum
SIGITE '08 Proceedings of the 9th ACM SIGITE conference on Information technology education
Constraint Solving and Symbolic Execution
Verified Software: Theories, Tools, Experiments
Security Assessment Framework Using Static Analysis and Fault Injection
ICIC '08 Proceedings of the 4th international conference on Intelligent Computing: Advanced Intelligent Computing Theories and Applications - with Aspects of Theoretical and Methodological Issues
Marple: a demand-driven path-sensitive buffer overflow detector
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
Loop Summarization Using Abstract Transformers
ATVA '08 Proceedings of the 6th International Symposium on Automated Technology for Verification and Analysis
Program analysis for bug detection using parfait: invited talk
Proceedings of the 2009 ACM SIGPLAN workshop on Partial evaluation and program manipulation
Detection of Security Vulnerabilities Using Guided Model Checking
ICLP '08 Proceedings of the 24th International Conference on Logic Programming
Secure Software Engineering: Learning from the Past to Address Future Challenges
Information Security Journal: A Global Perspective
Combining predicate and numeric abstraction for software model checking
Proceedings of the 2008 International Conference on Formal Methods in Computer-Aided Design
Idea: Measuring the Effect of Code Complexity on Static Analysis Results
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Hardware-assisted run-time monitoring for secure program execution on embedded processors
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
BegBunch: benchmarking for C bug detection tools
Proceedings of the 2nd International Workshop on Defects in Large Software Systems: Held in conjunction with the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2009)
Loop-extended symbolic execution on binary programs
Proceedings of the eighteenth international symposium on Software testing and analysis
Filtering false alarms of buffer overflow analysis using SMT solvers
Information and Software Technology
Program analysis via satisfiability modulo path programs
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Orthrus: efficient software integrity protection on multi-cores
Proceedings of the fifteenth edition of ASPLOS on Architectural support for programming languages and operating systems
Automatically refining abstract interpretations
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Towards a unified fault-detection benchmark
Proceedings of the 9th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Modular inference of subprogram contracts for safety checking
Journal of Symbolic Computation
Fade to Grey: Tuning Static Program Analysis
Electronic Notes in Theoretical Computer Science (ENTCS)
Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering
SPIN'10 Proceedings of the 17th international SPIN conference on Model checking software
Statically-directed dynamic automated test generation
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Generating analyses for detecting faults in path segments
Proceedings of the 2011 International Symposium on Software Testing and Analysis
SimFuzz: Test case similarity directed deep fuzzing
Journal of Systems and Software
Taming false alarms from a domain-unaware c analyzer by a bayesian statistical post analysis
SAS'05 Proceedings of the 12th international conference on Static Analysis
Comparing bug finding tools with reviews and tests
TestCom'05 Proceedings of the 17th IFIP TC6/WG 6.1 international conference on Testing of Communicating Systems
A model for security vulnerability pattern
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
Development and evaluation of LAV: an SMT-based error finding platform
VSTTE'12 Proceedings of the 4th international conference on Verified Software: theories, tools, experiments
DC2: A framework for scalable, scope-bounded software verification
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Design and implementation of sparse global analyses for C-like languages
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Residual investigation: predictive and precise bug detection
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Comparing and applying attack surface metrics
Proceedings of the 4th international workshop on Security measurements and metrics
Innovations in Systems and Software Engineering
Proceedings of the 2013 International Conference on Software Engineering
Marple: Detecting faults in path segments using automatically generated analyses
ACM Transactions on Software Engineering and Methodology (TOSEM) - In memoriam, fault detection and localization, formal methods, modeling and design
Loop summarization using state and transition invariants
Formal Methods in System Design
Dowsing for overflows: a guided fuzzer to find buffer boundary violations
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
Five modern static analysis tools (ARCHER, BOON, Poly-Space C Verifier, Splint, and UNO) were evaluated using source code examples containing 14 exploitable buffer overflow vulnerabilities found in various versions of Sendmail, BIND, and WU-FTPD. Each code example included a "BAD" case with and a "OK" case without buffer overflows. Buffer overflows varied and included stack, heap, bss and data buffers; access above and below buffer bounds; access using pointers, indices, and functions; and scope differences between buffer creation and use. Detection rates for the "BAD" examples were low except for Poly-Space and Splint which had average detection rates of 87% and 57%, respectively. However, average false alarm rates were high and roughly 50% for these two tools. On patched programs these two tools produce one warning for every 12 to 46 lines of source code and neither tool appears able to accurately distinguished between vulnerable and patched code.