Title :
Improving security using extensible lightweight static analysis
Author :
Evans, David ; Larochelle, David
Author_Institution :
Dept. of Comput. Sci., Virginia Univ., Charlottesville, VA, USA
Abstract :
Most security attacks exploit instances of well-known classes of implementation flaws. Developers could detect and eliminate many of these flaws before deploying the software, yet these problems persist with disturbing frequency, not because the security community doesn't sufficiently understand them but because techniques for preventing them have not been integrated into the software development process. This article describes an extensible tool that uses lightweight static analysis to detect common security vulnerabilities (including buffer overflows and format string vulnerabilities).
Keywords :
program diagnostics; security of data; software engineering; buffer overflows; extensible lightweight static analysis; format string vulnerabilities; security attacks; software development; Application software; Buffer overflow; Computer bugs; Computer crime; Frequency; Humans; Information security; Programming; Runtime; Testing
Journal_Title :
Software, IEEE