Value-Range Analysis of C Programs: Towards Proving the Absence of Buffer Overflow Vulnerabilities

نویسنده

Axel Simon

چکیده

We may not be able to make you love reading, but value range analysis of c programs towards proving the absence of buffer overflow vulnerabilities will lead you to love reading starting from now. Book is the window to open the new world. The world that you want is in the better stage and level. World will always guide you to even the prestige stage of the life. You know, this is some of how reading will give you the kindness. In this case, more books you read more knowledge you know, but it can mean also the bore is full.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Dynamic Buffer Overflow Detection

The capabilities of seven dynamic buffer overflow detection tools (Chaperon, Valgrind, CCured, CRED, Insure++, ProPolice and TinyCC) are evaluated in this paper. These tools employ different approaches to runtime buffer overflow detection and range from commercial products to opensource gcc-enhancements. A comprehensive testsuite was developed consisting of specifically-designed test cases and ...

متن کامل

Using type analysis in compiler to mitigate integer-overflow-to-buffer-overflow threat

One of the top two causes of software vulnerabilities in operating systems is the integer overflow. A typical integer overflow vulnerability is the Integer Overflow to Buffer Overflow (IO2BO for short) vulnerability. IO2BO is an underestimated threat. Many programmers have not realized the existence of IO2BO and its harm. Even for those who are aware of IO2BO, locating and fixing IO2BO vulnerab...

متن کامل

Statically Detecting Likely Buffer Overflow Vulnerabilities

Buffer overflow attacks may be today’s single most important security threat. This paper presents a new approach to mitigating buffer overflow vulnerabilities by detecting likely vulnerabilities through an analysis of the program source code. Our approach exploits information provided in semantic comments and uses lightweight and efficient static analyses. This paper describes an implementation...

متن کامل

Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs

Incomplete or improper input validation is one of the major sources of security bugs in programs. While traditional approaches often focus on detecting string related buffer overflow vulnerabilities, we present an approach to automatically detect potential integer misuse, such as integer overflows in C programs. Our tool is based on CQual, a static analysis tool using type theory. Our technique...

متن کامل

A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities

We describe a new technique for finding potential buffer overrun vulnerabilities in security-critical C code. The key to success is to use static analysis: we formulate detection of buffer overruns as an integer range analysis problem. One major advantage of static analysis is that security bugs can be eliminated before code is deployed. We have implemented our design and used our prototype to ...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}

با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره شماره

صفحات -

تاریخ انتشار 2008

Value-Range Analysis of C Programs: Towards Proving the Absence of Buffer Overflow Vulnerabilities

نویسنده

چکیده

منابع مشابه

Dynamic Buffer Overflow Detection

Using type analysis in compiler to mitigate integer-overflow-to-buffer-overflow threat

Statically Detecting Likely Buffer Overflow Vulnerabilities

Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs

A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities

عنوان ژورنال:

اشتراک گذاری