Improving security using extensible lightweight static analysis

被引:181
|
作者
Evans, D [1 ]
Larochelle, D [1 ]
机构
[1] Univ Virginia, Sch Engn & Appl Sci, Dept Comp Sci, Charlottesville, VA 22904 USA
来源
IEEE SOFTWARE | 2002年 / 19卷 / 01期
基金
美国国家航空航天局; 美国国家科学基金会;
关键词
Authentication protocols - Legacy code - Lightweight static analysis;
D O I
10.1109/52.976940
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
By David Evans and David Larochelle, pp. 42-51. Most security attacks exploit instances of well-known classes of implementation flaws. Developers could detect and eliminate many of these flaws before deploying the software, yet these problems persist with disturbing frequency-not because the security community doesn't sufficiently understand them but because techniques for preventing them have not been integrated into the software development process. This article describes an extensible tool that uses lightweight static analysis to detect common security vulnerabilities (including buffer overflows and format string vulnerabilities).
引用
收藏
页码:42 / +
页数:11
相关论文
共 50 条
  • [21] How far are German companies in improving security through static program analysis tools?
    Piskachev, Goran
    Dziwok, Stefan
    Koch, Thorsten
    Merschjohann, Sven
    Bodden, Eric
    2022 IEEE SECURE DEVELOPMENT CONFERENCE (SECDEV 2022), 2022, : 7 - 15
  • [22] ILSM: Incorporated Lightweight Security Model for Improving QOS in WSN
    Shah A.M.
    Aljubayri M.
    Khan M.F.
    Alqahtani J.
    Hassan M.U.
    Sulaiman A.
    Shaikh A.
    Computer Systems Science and Engineering, 2023, 46 (02): : 2471 - 2488
  • [23] ECSTATIC: An Extensible Framework for Testing and Debugging Configurable Static Analysis
    Mordahl, Austin
    Zhang, Zenong
    Soles, Dakota
    Wei, Shiyi
    2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ICSE, 2023, : 550 - 562
  • [24] A semi-automatic extensible static defect analysis tool
    Liang G.-T.
    Meng N.
    Li J.-H.
    Zhong H.
    Zhang L.
    Wang Q.-X.
    Jisuanji Xuebao/Chinese Journal of Computers, 2011, 34 (06): : 1114 - 1125
  • [25] SOLO: A Lightweight Static Analysis for Differential Privacy
    Abuah, Chike
    Darais, David
    Near, Joseph P.
    PROCEEDINGS OF THE ACM ON PROGRAMMING LANGUAGES-PACMPL, 2022, 6 (OOPSLA): : 699 - 728
  • [26] Lightweight Static Analysis to Detect Polymorphic Exploit Code with Static Analysis Resistant Technique
    Kim, Daewon
    Kim, Ikkyun
    Oh, Jintae
    Cho, Hyunsook
    2009 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS, VOLS 1-8, 2009, : 904 - 909
  • [27] Extensible web browser security
    Ter Luow, Mike
    Lim, Jin Soon
    Venkatakrishnan, V. N.
    DETECTION OF INTRUSIONS AND MALWARE, AND VULNERABILITY ASSESSMENT, PROCEEDINGS, 2007, 4579 : 1 - +
  • [28] Improving Efficiency of Extensible Processors by Using Approximate Custom Instructions
    Kamal, Mehdi
    Ghasemazar, Amin
    Afzali-Kusha, Ali
    Pedram, Massoud
    2014 DESIGN, AUTOMATION AND TEST IN EUROPE CONFERENCE AND EXHIBITION (DATE), 2014,
  • [29] Improving Security of Lightweight Authentication Technique for Heterogeneous Wireless Sensor Networks
    Vorugunti, Chandra Sekhar
    Mishra, Bharavi
    Amin, Ruhul
    Badoni, Rakesh P.
    Sarvabhatla, Mrudula
    Mishra, Dheerendra
    WIRELESS PERSONAL COMMUNICATIONS, 2017, 95 (03) : 3141 - 3166
  • [30] Improving Security of Lightweight Authentication Technique for Heterogeneous Wireless Sensor Networks
    Chandra Sekhar Vorugunti
    Bharavi Mishra
    Ruhul Amin
    Rakesh P. Badoni
    Mrudula Sarvabhatla
    Dheerendra Mishra
    Wireless Personal Communications, 2017, 95 : 3141 - 3166
12345