Efficient detection of all pointer and array access errors
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Static detection of dynamic memory errors
PLDI '96 Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation
Points-to analysis in almost linear time
POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Lackwit: a program understanding tool based on type inference
ICSE '97 Proceedings of the 19th international conference on Software engineering
Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
Proceedings of the 1999 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
ESEC/FSE-7 Proceedings of the 7th European software engineering conference held jointly with the 7th ACM SIGSOFT international symposium on Foundations of software engineering
A sound type system for secure flow analysis
Journal of Computer Security
Type-base flow analysis: from polymorphic subtyping to CFL-reachability
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
A Theory of Objects
A Type-Based Approach to Program Security
TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
An Extended Static Checker for Modular-3
CC '98 Proceedings of the 7th International Conference on Compiler Construction
ITS4: A static vulnerability scanner for C and C++ code
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
The complexity of subtype entailment for simple types
LICS '97 Proceedings of the 12th Annual IEEE Symposium on Logic in Computer Science
Checking system rules using system-specific, programmer-written compiler extensions
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Runtime verification of authorization hook placement for the linux security modules framework
Proceedings of the 9th ACM conference on Computer and communications security
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Using CQUAL for Static Analysis of Authorization Hook Placement
Proceedings of the 11th USENIX Security Symposium
Buffer overflow and format string overflow vulnerabilities
Software—Practice & Experience - Special issue: Security software
Types and Effects for Asymmetric Cryptographic Protocols
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Using Replication and Partitioning to Build Secure Distributed Systems
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Tracking pointers with path and context sensitivity for bug detection in C programs
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Model-carrying code: a practical approach for safe execution of untrusted applications
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
Resolving and applying constraint queries on context-sensitive analyses
Proceedings of the 5th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
The set constraint/CFL reachability connection in practice
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
Consistency analysis of authorization hook placement in the Linux security modules framework
ACM Transactions on Information and System Security (TISSEC)
Transparent proxies for java futures
OOPSLA '04 Proceedings of the 19th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Pluggable verification modules: an extensible protection mechanism for the JVM
OOPSLA '04 Proceedings of the 19th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Correlation exploitation in error ranking
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Using build-integrated static checking to preserve correctness invariants
Proceedings of the 11th ACM conference on Computer and communications security
A Hardware-Software Platform for Intrusion Prevention
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
ACM SIGPLAN Notices
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Context-sensitive program analysis as database queries
Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Visualizing type qualifier inference with Eclipse
eclipse '04 Proceedings of the 2004 OOPSLA workshop on eclipse technology eXchange
DynaMine: finding common error patterns by mining software revision histories
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
A testing framework for Web application security assessment
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Preventing format-string attacks via automatic and efficient dynamic checking
Proceedings of the 12th ACM conference on Computer and communications security
Error checking with client-driven pointer analysis
Science of Computer Programming - Special issue: Static analysis symposium (SAS 2003)
Gaining and maintaining confidence in operating systems security
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
Data lifetime is a systems problem
Proceedings of the 11th workshop on ACM SIGOPS European workshop
Applying flow-sensitive CQUAL to verify MINIX authorization check placement
Proceedings of the 2006 workshop on Programming languages and analysis for security
Precise alias analysis for static detection of web application vulnerabilities
Proceedings of the 2006 workshop on Programming languages and analysis for security
The case for analysis preserving language transformation
Proceedings of the 2006 international symposium on Software testing and analysis
Flow-insensitive type qualifiers
ACM Transactions on Programming Languages and Systems (TOPLAS)
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
FormatGuard: automatic protection from printf format string vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
High coverage detection of input-related security facults
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Preventing privilege escalation
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Scrash: a system for generating secure crash information
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Privtrans: automatically partitioning programs for privilege separation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Finding user/kernel pointer bugs with type inference
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Understanding data lifetime via whole system simulation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Non-control-data attacks are realistic threats
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
OPUS: online patches and updates for security
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Large-scale analysis of format string vulnerabilities in Debian Linux
Proceedings of the 2007 workshop on Programming languages and analysis for security
Type qualifier inference for java
Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
Types and effects for asymmetric cryptographic protocols
Journal of Computer Security - Special issue on CSFW15
Some thoughts on security after ten years of qmail 1.0
Proceedings of the 2007 ACM workshop on Computer security architecture
Improving Xen security through disaggregation
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Hang analysis: fighting responsiveness bugs
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
CMV: automatic verification of complete mediation for java virtual machines
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Characterizing Bots' Remote Control Behavior
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
FormatShield: A Binary Rewriting Defense against Format String Attacks
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Vigilante: End-to-end containment of Internet worm epidemics
ACM Transactions on Computer Systems (TOCS)
Efficient and extensible security enforcement using dynamic data flow analysis
Proceedings of the 15th ACM conference on Computer and communications security
A generic type-and-effect system
Proceedings of the 4th international workshop on Types in language design and implementation
Implicit Flows: Can't Live with `Em, Can't Live without `Em
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Static analysis for inference of explicit information flow
Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Staged information flow for javascript
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
TAJ: effective taint analysis of web applications
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Automatic dimension inference and checking for object-oriented programs
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Persona: an online social network with user-defined privacy
Proceedings of the ACM SIGCOMM 2009 conference on Data communication
Robustly secure computer systems: a new security paradigm of system discontinuity
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
A testing framework for Web application security assessment
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Finding bugs in exceptional situations of JNI programs
Proceedings of the 16th ACM conference on Computer and communications security
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
Client-driven pointer analysis
SAS'03 Proceedings of the 10th international conference on Static analysis
Type-dependence analysis and program transformation for symbolic execution
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
The verifying compiler: a grand challenge for computing research
CC'03 Proceedings of the 12th international conference on Compiler construction
SUDS: an infrastructure for creating dynamic software defect detection tools
Automated Software Engineering
An empirical investigation into open source web applications' implementation vulnerabilities
Empirical Software Engineering
Static analysis for detecting taint-style vulnerabilities in web applications
Journal of Computer Security
Policy framework for security and privacy management
IBM Journal of Research and Development
An empirical study of privacy-violating information flows in JavaScript web applications
Proceedings of the 17th ACM conference on Computer and communications security
Fast and practical instruction-set randomization for commodity systems
Proceedings of the 26th Annual Computer Security Applications Conference
Extending type systems in a library: Type-safe XML processing in C++
Science of Computer Programming
Saving the world wide web from vulnerable JavaScript
Proceedings of the 2011 International Symposium on Software Testing and Analysis
GuardRails: a data-centric web application security framework
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
Exploring the relationship betweenweb application development tools and security
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
Practical elimination of external interaction vulnerabilities in web applications
Journal of Web Engineering
F4F: taint analysis of framework-based web applications
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Transparent run-time prevention of format-string attacks via dynamic taint and flexible validation
ISC'06 Proceedings of the 9th international conference on Information Security
Using type qualifiers to analyze untrusted integers and detecting security flaws in c programs
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Securing c programs by dynamic type checking
ISPEC'06 Proceedings of the Second international conference on Information Security Practice and Experience
Interprocedural analysis for privileged code placement and tainted variable detection
ECOOP'05 Proceedings of the 19th European conference on Object-Oriented Programming
Defending against injection attacks through context-sensitive string evaluation
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Using dependent types to certify the safety of assembly code
SAS'05 Proceedings of the 12th international conference on Static Analysis
SafeCard: a gigabit IPS on the network card
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Efficient and effective buffer overflow protection on ARM processors
WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
Kimchi: a binary rewriting defense against format string attacks
WISA'05 Proceedings of the 6th international conference on Information Security Applications
DroidChecker: analyzing android applications for capability leak
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
Detecting control flow in smarphones: combining static and dynamic analyses
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
ANDROMEDA: accurate and scalable security analysis of web applications
FASE'13 Proceedings of the 16th international conference on Fundamental Approaches to Software Engineering
Composing polymorphic information flow systems with reference immutability
Proceedings of the 15th Workshop on Formal Techniques for Java-like Programs
Chucky: exposing missing checks in source code for vulnerability discovery
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
SilverLine: preventing data leaks from compromised web applications
Proceedings of the 29th Annual Computer Security Applications Conference
Information and Software Technology
Proceedings of the 23rd international conference on World wide web
| Hi-index | 0.00 |
We present a new system for automatically detecting format string security vulnerabilities in C programs using a constraint-based type-inference engine. We describe new techniques for presenting the results of such an analysis to the user in a form that makes bugs easier to find and to fix. The system has been implemented and tested on several real-world software packages. Our tests show that the system is very effective, detecting several bugs previously unknown to the authors and exhibiting a low rate of false positives in almost all cases. Many of our techniques are applicable to additional classes of security vulnerabilities, as well as other type- and constraint-based systems.