Improving computer security using extended static checking

被引:25
|
作者
Chess, BV [1 ]
机构
[1] Univ Calif Santa Cruz, Dept Comp Sci, Santa Cruz, CA 95064 USA
来源
2002 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS | 2002年
关键词
D O I
10.1109/SECPRI.2002.1004369
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
We describe a method for finding security flaws in source code by way, of static analysis. The method is notable because it allows a user to specify a wide range of security properties while also leveraging a set of pre-defined common flaws. It works by using an automated theorem prover to analyze verification conditions generated from C source code and a set of specifications that define security properties. We demonstrate that the method can be used to identify real vulnerabilities in real programs.
引用
收藏
页码:160 / 173
页数:14
相关论文
共 50 条
  • [1] Extended Static Checking by Calculation Using the Pointfree Transform
    Oliveira, Jose N.
    LANGUAGE ENGINEERING AND RIGOROUS SOFTWARE DEVELOPMENT, 2009, 5520 : 195 - 251
  • [2] Applications of extended static checking
    Rustan, K
    Leino, M
    STATIC ANALYSIS, PROCEEDINGS, 2001, 2126 : 185 - 193
  • [3] Extended static checking for Java']Java
    Nelson, G
    MATHEMATICS OF PROGRAM CONSTRUCTION, PROCEEDINGS, 2004, 3125 : 1 - 1
  • [4] Extended static checking for Java']Java
    Flanagan, C
    Leino, KRM
    Lillibridge, M
    Nelson, G
    Saxe, JB
    Stata, R
    ACM SIGPLAN NOTICES, 2002, 37 (05) : 234 - 245
  • [5] Extended Static Checking for Java']Java
    Flanagan, Cormac
    Leino, K. Rustan M.
    Lillibridge, Mark
    Nelson, Greg
    Saxe, James B.
    Stata, Raymie
    ACM SIGPLAN NOTICES, 2013, 48 (04) : 22 - 33
  • [6] Calysto: Scalable and Precise Extended Static Checking
    Babic, Domagoj
    Hu, Alan J.
    ICSE'08 PROCEEDINGS OF THE THIRTIETH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, 2008, : 211 - 220
  • [7] Improving security using extensible lightweight static analysis
    Evans, D
    Larochelle, D
    IEEE SOFTWARE, 2002, 19 (01) : 42 - +
  • [8] Improving the Quality of Web-based Enterprise Applications with Extended Static Checking: A Case Study
    Rioux, Frederic
    Chalin, Patrice
    ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2006, 157 (02) : 119 - 132
  • [9] Extended static checking: A ten-year perspective
    Leino, KRM
    INFORMATICS - 10 YEARS BACK, 10 YEARS AHEAD, 2001, 2000 : 157 - 175
  • [10] Towards practical reactive security audit using extended static checkers
    Vanegue, Julien
    Lahiri, Shuvendu K.
    2013 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP), 2013, : 33 - 47
12345