Improving security using extensible lightweight static analysis

Cited by: 181
Authors
Evans, D [1]
Larochelle, D [1]
Affiliation
[1] Univ Virginia, Sch Engn & Appl Sci, Dept Comp Sci, Charlottesville, VA 22904 USA
Funding
National Aeronautics and Space Administration (NASA); National Science Foundation (NSF);
Keywords
Authentication protocols - Legacy code - Lightweight static analysis;
DOI
10.1109/52.976940
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
By David Evans and David Larochelle, pp. 42-51. Most security attacks exploit instances of well-known classes of implementation flaws. Developers could detect and eliminate many of these flaws before deploying the software, yet these problems persist with disturbing frequency, not because the security community doesn't sufficiently understand them but because techniques for preventing them have not been integrated into the software development process. This article describes an extensible tool that uses lightweight static analysis to detect common security vulnerabilities (including buffer overflows and format string vulnerabilities).
Pages: 42 / +
Number of pages: 11
Related papers
50 in total
  • [41] A Study on Improving Static Analysis Tools: Why Are We Not Using Them?
    Johnson, Brittany
    2012 34TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE), 2012, : 1607 - 1609
  • [42] Improving spectral-based fault localization using static analysis
    Neelofar, Neelofar
    Naish, Lee
    Lee, Jason
    Ramamohanarao, Kotagiri
    SOFTWARE-PRACTICE & EXPERIENCE, 2017, 47 (11): : 1633 - 1655
  • [43] SEBASTiAn: A static and extensible black-box application security testing tool for iOS and Android applications
    Pagano, Francesco
    Romdhana, Andrea
    Caputo, Davide
    Verderame, Luca
    Merlo, Alessio
    SOFTWAREX, 2023, 23
  • [44] Security analysis of extensible authentication protocol methods based on AAA architecture
    Lee, Jong-Hyouk
    Jung, Su-Jin
    Han, Young-Ju
    Chung, Tai-Myoung
    RECENT PROGRESS IN COMPUTATIONAL SCIENCES AND ENGINEERING, VOLS 7A AND 7B, 2006, 7A-B : 1311 - 1314
  • [45] Lightweight design and static analysis of lattice compressor impeller
    Yuan Zhang
    Fanchun Li
    Dejun Jia
    Scientific Reports, 10
  • [46] Lightweight Generics in Embedded Systems through Static Analysis
    Sallenave, Olivier
    Ducournau, Roland
    ACM SIGPLAN NOTICES, 2012, 47 (05) : 11 - 20
  • [47] Lightweight Design and Static Analysis of Compressor Lattice Impeller
    Guo Z.-C.
    Li F.-C.
    Zhang R.-L.
    Zhang J.-J.
    Zhang Y.
    Tuijin Jishu/Journal of Propulsion Technology, 2022, 43 (02): : 149 - 160
  • [48] Lightweight design and static analysis of lattice compressor impeller
    Zhang, Yuan
    Li, Fanchun
    Jia, Dejun
    SCIENTIFIC REPORTS, 2020, 10 (01)
  • [49] Design of Lightweight and Extensible Tendon-Driven Continuum Robots using Origami Patterns
    Xu, Yunti
    Peyron, Quentin
    Kim, Jongwoo
    Burgner-Kahrs, Jessica
    2021 IEEE 4TH INTERNATIONAL CONFERENCE ON SOFT ROBOTICS (ROBOSOFT), 2021, : 308 - 314
  • [50] Improving Software Quality with Static Analysis
    Foster, Jeffrey S.
    Hicks, Michael W.
    Pugh, William
    PASTE'07 PROCEEDINGS OF THE 2007 ACM SIGPLAN- SIGSOFT WORKSHOP ON PROGRAM ANALYSIS FOR SOFTWARE TOOLS & ENGINEERING, 2007, : 83 - 84