Static detection of dynamic memory errors
PLDI '96 Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation
CCured: type-safe retrofitting of legacy code
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Checking system rules using system-specific, programmer-written compiler extensions
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
| Hi-index | 0.00 |
Recently, there has been a lot of work in the verification of security properties in programs. Engler et al. use static analysis to find flaws in the implementation of Linux device drivers, such as the failure to release locks [4]. Edwards et al. use static and dynamic analysis to verify that the authorization hooks of the Linux Security Modules (LSM) framework are placed such that all the necessary authorizations are performed [2, 12]. In addition, Shankar et al. and Larochelle et al. show how to use static analysis tools to find program vulnerabilities, such as buffer overflows and printf vulnerabilities [7, 10, 11]. Lastly, Necula et al. show that we use detect and leverage the cases in which C is used in a type-safe manner in order to detect memory errors [9]. Runtime verification can be used to detect errors in other cases.