Title :
A case study in detecting software security vulnerabilities using constraint optimization
Author :
Weber, Michael ; Shah, Viren ; Ren, Chris
Author_Institution :
Cigital, Inc., Dulles, VA, USA
Abstract :
In this paper we present a case study in static analysis, with a focus on static methods for detecting buffer overflow vulnerabilities in software. We describe in detail a tool called Mjolnir that we have developed which improves upon existing static analysis techniques for detecting buffer overflow. The architecture and process flow of this tool are presented. We discuss some common static analysis obstacles in terms of where they were encountered in developing this tool and the steps that were taken to overcome them. A prototype of the tool has been implemented and used for detecting buffer overflow vulnerabilities in C programs, and experimental results are presented that demonstrate the effectiveness of the tool.
Keywords :
program diagnostics; security of data; software tools; C programs; Mjolnir tool; buffer overflow vulnerability detection; constraint optimization; software security vulnerability detection; static analysis; Algorithm design and analysis; Buffer overflow; Computer aided software engineering; Constraint optimization; Optimization methods; Prototypes; Runtime; Security; Software prototyping; Software tools;
Conference_Title :
Source Code Analysis and Manipulation, 2001. Proceedings. First IEEE International Workshop on
Conference_Location :
Florence
Print_ISBN :
0-7695-1387-5
DOI :
10.1109/SCAM.2001.972661