Title :
Improving software security with a C pointer analysis
Author :
Avots, Dzintars ; Dalton, Michael ; Livshits, V. Benjamin ; Lam, Monica S.
Author_Institution :
Dept. of Comput. Sci., Stanford Univ., CA, USA
Abstract :
This paper presents a context-sensitive, inclusion-based, field-sensitive points-to analysis for C, which we use to detect and prevent program security vulnerabilities. In addition to a conservative points-to analysis, we propose an optimistic analysis that assumes a more restricted C semantics reflecting common C usage in order to increase the precision of the analysis. Using the proposed pointer alias analyses, we infer the types of variables in C programs and show that most C variables are used in a manner consistent with their declared types. We show that pointer analysis can be used to reduce the overhead of a dynamic string-buffer overflow detector by 30% to 100% among applications with significant overheads. Finally, using pointer analysis, we statically discover twelve actual format string vulnerabilities in three of the 12 programs we analyze.
Keywords :
C language; buffer storage; data flow analysis; data structures; object-oriented programming; security of data; type theory; C pointer analysis; C variables type inference; context-sensitive inclusion-based field-sensitive points-to analysis; dynamic analysis; dynamic string-buffer overflow detection; error detection; optimistic analysis; program analysis; software security; type safety; Algorithm design and analysis; Buffer overflow; Computer languages; National security; Operating systems; Permission; Protection; Software debugging; Software safety; Software tools;
Conference_Title :
Software Engineering, 2005. ICSE 2005. Proceedings. 27th International Conference on
Print_ISBN :
1-59593-963-2
DOI :
10.1109/ICSE.2005.1553576