Abstract | ||
---|---|---|
Buffer overflow attacks are a persisting security threat in C programs. The C Standard library provides functions for string handling that lack any bound checks. This paper presents a static approach for buffer overflow detection by identifying the likely vulnerabilities through an analysis of the source code. We defined a set of predicates, based on the function's specifications, that determine whether the operation is safe or not. This paper describes an implementation of the approach as an extension of HIP/SLEEK, an automated verification system based on the separation logic. The static buffer overflow detector proved to have good results even in tricky cases, such as pointer aliasing and overlapping memory. |
Year | DOI | Venue |
---|---|---|
2018 | 10.1109/ROEDUNET.2018.8514126 | 2018 17th RoEduNet Conference: Networking in Education and Research (RoEduNet) |
Keywords | DocType | ISSN |
---|---|---|
verification, buffer overflows, code analysis | Conference | 2068-1038 |
ISBN | Citations | PageRank |
---|---|---|
978-1-5386-7136-8 | 1 | 0.36 |
References | Authors |
---|---|
1 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Andreea Bican | 1 | 1 | 0.36 |
Razvan Deaconescu | 2 | 6 | 3.24 |
Wei-Ngan Chin | 3 | 868 | 63.37 |
Quang-Trung Ta | 4 | 8 | 3.83 |