• DocumentCode
    1558890
  • Title

    Improving security using extensible lightweight static analysis

  • Author

    Evans, David ; Larochelle, David

  • Author_Institution
    Dept. of Comput. Sci., Virginia Univ., Charlottesville, VA, USA
  • Volume
    19
  • Issue
    1
  • fYear
    2002
  • Firstpage
    42
  • Lastpage
    51
  • Abstract
    Most security attacks exploit instances of well-known classes of implementation flaws. Developers could detect and eliminate many of these flaws before deploying the software, yet these problems persist with disturbing frequency-not because the security community doesn´t sufficiently understand them but because techniques for preventing them have not been integrated into the software development process. This article describes an extensible tool that uses lightweight static analysis to detect common security vulnerabilities (including buffer overflows and format string vulnerabilities)
  • Keywords
    program diagnostics; security of data; software engineering; buffer overflows; extensible lightweight static analysis; format string vulnerabilities; security attacks; software development; Application software; Buffer overflow; Computer bugs; Computer crime; Frequency; Humans; Information security; Programming; Runtime; Testing;
  • fLanguage
    English
  • Journal_Title
    Software, IEEE
  • Publisher
    ieee
  • ISSN
    0740-7459
  • Type

    jour

  • DOI
    10.1109/52.976940
  • Filename
    976940