Memory management with explicit regions
PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Flow-sensitive type qualifiers
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Checking and inferring local non-aliasing
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Type qualifiers: lightweight specifications to improve software quality
Type qualifiers: lightweight specifications to improve software quality
MECA: an extensible, expressive system and language for statically checking security properties
Proceedings of the 10th ACM conference on Computer and communications security
Testing static analysis tools using exploitable buffer overflows from open source code
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
BOINC: A System for Public-Resource Computing and Storage
GRID '04 Proceedings of the 5th IEEE/ACM International Workshop on Grid Computing
Improving software security with a C pointer analysis
Proceedings of the 27th international conference on Software engineering
Preventing format-string attacks via automatic and efficient dynamic checking
Proceedings of the 12th ACM conference on Computer and communications security
Cooperative bug isolation
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Flow-insensitive type qualifiers
ACM Transactions on Programming Languages and Systems (TOPLAS)
Modular information hiding and type-safe linking for C
TLDI '07 Proceedings of the 2007 ACM SIGPLAN international workshop on Types in languages design and implementation
FormatGuard: automatic protection from printf format string vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Scrash: a system for generating secure crash information
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Finding user/kernel pointer bugs with type inference
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Static detection of security vulnerabilities in scripting languages
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
ALS '01 Proceedings of the 5th annual Linux Showcase & Conference - Volume 5
Verifying security properties using type-qualifier inference
Verifying security properties using type-qualifier inference
Implicit Flows: Can't Live with `Em, Can't Live without `Em
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Quality Factors and Coding Standards -- a Comparison Between Open Source Forges
Electronic Notes in Theoretical Computer Science (ENTCS)
Dynamic test generation to find integer bugs in x86 binary linux programs
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Finite state machine based approach to prevent format string attacks
ACM SIGSOFT Software Engineering Notes
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
Runtime countermeasures for code injection attacks against C and C++ programs
ACM Computing Surveys (CSUR)
| Hi-index | 0.00 |
Format-string bugs are a relatively common security vulnerability, and can lead to arbitrary code execution. In collaboration with others, we designed and implemented a system to eliminate format string vulnerabilities from an entire Linux distribution, using type-qualifier inference, a static analysis technique that can find taint violations. We successfully analyze 66% of C/C++ source packages in the Debian 3.1 Linux distribution. Our system finds 1,533 format string taint warnings. We estimate that 85% of these are true positives, i.e., real bugs; ignoring duplicates from libraries, about 75% are real bugs. We suggest that the technology exists to render format string vulnerabilities extinct in the near future.