We present a new system for automatically detecting format string security vulnerabilities in C programs using a constraint-based type-inference engine. We describe new techniques for presenting the results of such an analysis to the user in a form that makes bugs easier to find and to fix. The system has been implemented and tested on several real-world software packages. Our tests show that the system is very effective, detecting several bugs previously unknown to the authors and exhibiting a low rate of false positives in almost all cases. Many of our techniques are applicable to additional classes of security vulnerabilities, as well as other type- and constraint-based systems.