Improving computer security using extended static checking

被引:25
|
作者
Chess, BV [1 ]
机构
[1] Univ Calif Santa Cruz, Dept Comp Sci, Santa Cruz, CA 95064 USA
来源
2002 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS | 2002年
关键词
D O I
10.1109/SECPRI.2002.1004369
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
We describe a method for finding security flaws in source code by way, of static analysis. The method is notable because it allows a user to specify a wide range of security properties while also leveraging a set of pre-defined common flaws. It works by using an automated theorem prover to analyze verification conditions generated from C source code and a set of specifications that define security properties. We demonstrate that the method can be used to identify real vulnerabilities in real programs.
引用
收藏
页码:160 / 173
页数:14
相关论文
共 50 条
  • [21] Automated security checking and patching using TestTalk
    Liu, C
    Richardson, DJ
    FIFTEENTH IEEE INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING, PROCEEDINGS, 2000, : 261 - 264
  • [22] Enhancement in Security using Extended Security Techniques
    Mane, Aishwarya Shahaji
    Dalvi, Rupali
    2018 3RD INTERNATIONAL CONFERENCE FOR CONVERGENCE IN TECHNOLOGY (I2CT), 2018,
  • [23] Improving Security in SCADA Systems through Model-checking with TLA
    Obeidat, Nawar
    Purdy, Carla
    2021 IEEE INTERNATIONAL MIDWEST SYMPOSIUM ON CIRCUITS AND SYSTEMS (MWSCAS), 2021, : 832 - 835
  • [24] Improving Cloud Security by Enhancing Remote Data Integrity Checking Algorithm
    Suganya, S.
    Vincent, P. M. Durai Raj
    2017 INNOVATIONS IN POWER AND ADVANCED COMPUTING TECHNOLOGIES (I-PACT), 2017,
  • [25] Combining Static Analysis and Runtime Checking in Security Aspects for Distributed Tuple Spaces
    Yang, Fan
    Aotani, Tomoyuki
    Masuhara, Hidehiko
    Nielson, Flemming
    Nielson, Hanne Riis
    COORDINATION MODELS AND LANGUAGES, COORDINATION 2011, 2011, 6721 : 202 - 218
  • [26] Checking security properties by model checking
    De Francesco, N
    Lettieri, G
    SOFTWARE TESTING VERIFICATION & RELIABILITY, 2003, 13 (03): : 181 - 196
  • [27] IMPROVING THE SECURITY PERFORMANCE IN COMPUTER GRIDS Architecture and Results
    Moralis, A.
    Pouli, V.
    Grammatikou, M.
    Papavassiliou, S.
    Maglaris, V.
    GRID ENABLED REMOTE INSTRUMENTATION, 2009, : 361 - 375
  • [28] Computer security from a programming language and static analysis perspective
    Leroy, X
    PROGRAMMING LANGUAGES AND SYSTEMS, 2003, 2618 : 1 - 9
  • [29] Implementation of Parallel Model Checking for Computer-Based Test Security Design
    Bin Ab Malek, Muhammad Syafiq
    Bin Ahmadon, Mohd Anuaruddin
    Yamaguchi, Shingo
    Gupta, Brij Bhooshan
    2016 7TH INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION SYSTEMS (ICICS), 2016, : 258 - 263
  • [30] Improving the Security of Downloadable Java']Java Applications With Static Analysis
    Cregut, Pierre
    Alvarado, Cuihtlauac
    ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2005, 141 (01) : 129 - 144
12345