Buffer overrun detection using linear programming and static analysis

Vinod Ganapathy, Somesh Jha, David Chandler, David Melski, David Vitek

Research output: Contribution to journalConference articlepeer-review

63 Scopus citations

Abstract

This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as a linear program. We also present fast, scalable solvers based on linear programming, and demonstrate techniques to make the program analysis context sensitive. Based on these techniques, we built a prototype and used it to identify several vulnerabilities in popular security critical applications.

Original languageEnglish (US)
Pages (from-to)345-354
Number of pages10
JournalProceedings of the ACM Conference on Computer and Communications Security
DOIs
StatePublished - 2003
Externally publishedYes
EventProceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003 - Washington, DC, United States
Duration: Oct 27 2003Oct 31 2003

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Keywords

  • Buffer overruns
  • Linear programming
  • Static analysis

Fingerprint

Dive into the research topics of 'Buffer overrun detection using linear programming and static analysis'. Together they form a unique fingerprint.

Cite this