DocumentCode :
2880878
Title :
Flow-sensitive buffer overrun detection based on syntax node
Author :
Guangdeng, Liao ; Fang, Liu ; Yonghua, Wu
Author_Institution :
Dept. of Comput. Sci. & Eng., Shanghai Jiao Tong Univ., China
Volume :
2
fYear :
2005
fDate :
12-14 Oct. 2005
Firstpage :
1100
Lastpage :
1103
Abstract :
This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing security-critical C source code. We demonstrate one algorithm with flow-sensitive analysis to gain variable´s activity area. Different from other tools, the detection and analyzing process of our algorithm is based on syntax node which makes it context sensitive, and also makes the system scalable and fast owing to limited kinds of syntax nodes of C language. Based on them, a prototype has been built and used to identify several vulnerabilities in popular security critical applications.
Keywords :
C language; buffer storage; program diagnostics; security of data; C language syntax nodes; buffer overrun vulnerabilities; flow-sensitive analysis; flow-sensitive buffer overrun detection; security-critical C source code; syntax node; Algorithm design and analysis; Application software; Databases; Programming profession; Prototypes; Security; Snow; Software engineering; Software libraries; Software tools;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Communications and Information Technology, 2005. ISCIT 2005. IEEE International Symposium on
Print_ISBN :
0-7803-9538-7
Type :
conf
DOI :
10.1109/ISCIT.2005.1567060
Filename :
1567060
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2880878
بازگشت