Buffer Overrun Detection Using Linear Programming and Static Analysis

Ganapathy, Vinod; Jha, Somesh; Chandler, David; Melski, David; Vitek, David

Buffer Overrun Detection Using Linear Programming and Static Analysis

Files

TR1488.pdf (3.2 MB)

Date

2003

Authors

Ganapathy, Vinod

Jha, Somesh

Chandler, David

Melski, David

Vitek, David

Type

Technical Report

Publisher

University of Wisconsin-Madison Department of Computer Sciences

Abstract

This paper addresses the issue of identifiing buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a scalable analysis based on modeling C string manipulations as a linear program. We also present fast, scalable solvers based on linear programming, and demonstrate how to make the analysis context sensitive. Based on these techniques, we built a prototype and used it to identify several vulnerabilities in popular security critical applications.

Citation

TR1488

URI

http://digital.library.wisc.edu/1793/60368

Collections

CS Technical Reports

Full item page

Buffer Overrun Detection Using Linear Programming and Static Analysis

Files

Date

Authors

Advisors

License

DOI

Type

Journal Title

Journal ISSN

Volume Title

Publisher

Grantor

Abstract

Description

Keywords

Related Material and Data

Citation

Sponsorship

URI

Collections

Endorsement

Review

Supplemented By

Referenced By