static analysis of format string vulnerabilities
文献类型:会议论文
| 作者 | Han Wei ; Ren Mengfei ; Tian Shuo ; Ding Liping ; He Yeping |
| 出版日期 | 2011 |
| 会议名称 | 1st ACIS International Symposium on Software and Network Engineering, SSNE 2011 |
| 会议日期 | December 19, 2011 - December 20, 2011 |
| 会议地点 | Seoul, Korea, Republic of |
| 关键词 | C (programming language) Safety engineering |
| 页码 | 122-127 |
| 中文摘要 | This paper presents a novel approach, based on static analysis, to detect format string vulnerabilities in C programs. Format string vulnerability is viewed as a finite state safety property. The analysis is expressed as a system of constraint describing how the safety state at one program point is related to the state at adjacent program points. Our analysis is inter-procedurally flow sensitive and intra-procedurally path sensitive. To avoid state space explosion in inter-procedural analysis, we use procedural summary instead of analyzing the called function holistically. The experimental results show that this method can effectively locate format string vulnerabilities in C programs. In comparison with other static approaches, ours can greatly reduce false positive. © 2011 IEEE. |
| 英文摘要 | This paper presents a novel approach, based on static analysis, to detect format string vulnerabilities in C programs. Format string vulnerability is viewed as a finite state safety property. The analysis is expressed as a system of constraint describing how the safety state at one program point is related to the state at adjacent program points. Our analysis is inter-procedurally flow sensitive and intra-procedurally path sensitive. To avoid state space explosion in inter-procedural analysis, we use procedural summary instead of analyzing the called function holistically. The experimental results show that this method can effectively locate format string vulnerabilities in C programs. In comparison with other static approaches, ours can greatly reduce false positive. © 2011 IEEE. |
| 收录类别 | EI |
| 会议主办者 | International Association for; Computer and Information Science (ACIS); Seoul National University |
| 会议录 | Proceedings - 1st ACIS International Symposium on Software and Network Engineering, SSNE 2011
 |
| 语种 | 英语 |
| ISBN号 | 9780769546315 |
| 源URL | [http://ir.iscas.ac.cn/handle/311060/16298]  |
| 专题 | 软件研究所_软件所图书馆_会议论文 |
| 推荐引用方式 GB/T 7714 | Han Wei,Ren Mengfei,Tian Shuo,et al. static analysis of format string vulnerabilities[C]. 见:1st ACIS International Symposium on Software and Network Engineering, SSNE 2011. Seoul, Korea, Republic of. December 19, 2011 - December 20, 2011. |
入库方式: OAI收割
来源:软件研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。