Internet Archive Scholar

Buffer overrun detection using linear programming and static analysis

Vinod Ganapathy, Somesh Jha, David Chandler, David Melski, David Vitek
2003 Proceedings of the 10th ACM conference on Computer and communication security - CCS '03  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (236.9 kB)
https://web.archive.org/web/20041101172210/http://www.cs.wisc.edu:80/~jha/jha-papers/security/CCS_2003.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2004; you can also visit the original URL. The file type is application/pdf.

This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as a linear program. We also present fast, scalable solvers based on linear programming, and demonstrate techniques to make the program analysis context sensitive. Based on these techniques, we built a prototype and used it to identify several vulnerabilities in popular security critical applications.
doi:10.1145/948152.948155 fatcat:jqnz4txfpjb2dchiertyujplwi
Citation

Vinod Ganapathy, Somesh Jha, David Chandler, David Melski, David Vitek. "Buffer overrun detection using linear programming and static analysis." Proceedings of the 10th ACM conference on Computer and communication security - CCS '03 (2003)