Buffer Overrun Detection Using Linear Programming and Static Analysis

Abstract

This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as a linear program. We also present fast, scalable solvers based on linear programming, and demonstrate techniques to make the program analysis context sensitive. Based on these techniques, we built a prototype and used it to identify several vulnerabilities in popular security critical applications.

Document Details

Document Type: Technical Report
Publication Date: Oct 01, 2003
Accession Number: ADA452533

Entities

People

  • David Chandler
  • David Melski
  • David Vitek
  • Somesh Jha
  • Vinod Ganapathy

Organizations

  • University of Wisconsin Madison Department of Computer Science

Tags

Communities of Interest

  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Abstracts
  • Algorithms
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Debugging
  • Detectors
  • False Alarms
  • Language
  • Linear Programming
  • Models
  • Operations Research
  • Optimization
  • Reliability
  • Security
  • Vulnerability
  • Warning Systems

Fields of Study

  • Computer science
  • Engineering

Readers

  • Cybersecurity
  • Distributed Systems and Data Platform Development
  • Linear Algebra