DocumentCode
1558890
Title
Improving security using extensible lightweight static analysis
Author
Evans, David ; Larochelle, David
Author_Institution
Dept. of Comput. Sci., Virginia Univ., Charlottesville, VA, USA
Volume
19
Issue
1
fYear
2002
Firstpage
42
Lastpage
51
Abstract
Most security attacks exploit instances of well-known classes of implementation flaws. Developers could detect and eliminate many of these flaws before deploying the software, yet these problems persist with disturbing frequency-not because the security community doesn´t sufficiently understand them but because techniques for preventing them have not been integrated into the software development process. This article describes an extensible tool that uses lightweight static analysis to detect common security vulnerabilities (including buffer overflows and format string vulnerabilities)
Keywords
program diagnostics; security of data; software engineering; buffer overflows; extensible lightweight static analysis; format string vulnerabilities; security attacks; software development; Application software; Buffer overflow; Computer bugs; Computer crime; Frequency; Humans; Information security; Programming; Runtime; Testing;
fLanguage
English
Journal_Title
Software, IEEE
Publisher
ieee
ISSN
0740-7459
Type
jour
DOI
10.1109/52.976940
Filename
976940
Link To Document