Statically detecting buffer overflows in C/C++

Statically detecting buffer overflows in C/C++

The paper describes a static analysis approach for buffer overflow detection in C/C++ source code. This algorithm is designed to be path-sensitive as it is based on symbolic execution with state merging. For now, it works only with buffers on stack or on static memory with compile-time known size. W...

Full description

Bibliographic Details
Main Authors:	I. . Dudina, V. . Koshelev, A. . Borodin
Format:	Article
Language:	English
Published:	Ivannikov Institute for System Programming of the Russian Academy of Sciences 2018-10-01
Series:	Труды Института системного программирования РАН
Subjects:	статический анализ поиск дефектов переполнение буфера чувствительность к путям символьное исполнение
Online Access:	https://ispranproceedings.elpub.ru/jour/article/view/144

Similar Items

Inter-procedural buffer overflows detection in C/C++ source code via static analysis
by: I. . Dudina
Published: (2018-10-01)

Path-sensitive bug detection analysis of C# program illustrated by null pointer dereference
by: V. . Koshelev, et al.
Published: (2018-10-01)

C# static analysis framework
by: V. . Koshelev, et al.
Published: (2018-10-01)

Buffer Overflow Detection via Static Analysis: Expectations vs. Reality
by: I. A. Dudina
Published: (2018-10-01)

An approach to the C string analysis for buffer overflow detection
by: I. A. Dudina, et al.
Published: (2018-12-01)

Method for exploitability estimation of program bugs
by: A. N. Fedotov
Published: (2018-10-01)

A static analysis tool Svace as a collection of analyzers with various complexity levels
by: A. . Borodin, et al.
Published: (2018-10-01)

Combining dynamic symbolic execution, code static analysis and fuzzing
by: A. Yu. Gerasimov, et al.
Published: (2019-02-01)

Incremental source code analysis for C/C++ languages
by: V. O. Savitsky, et al.
Published: (2018-10-01)

Formalization of Error Criteria for static symbolic execution
by: V. K. Koshelev
Published: (2018-10-01)

Buffer overrun detection method in binary code
by: V. V. Kaushan
Published: (2018-10-01)

When stack protection does not protect the stack?
by: Pavel Dovgalyuk, et al.
Published: (2018-10-01)

Using unreachable code analysis in static analysis tool for finding defects in source code
by: R. R. Mulyukov, et al.
Published: (2018-10-01)

Type inference for Python programming language
by: I. E. Bronshteyn
Published: (2018-10-01)

Approach to detecting types inconsistency errors in a program code in dynamic languages
by: I. E. Bronshteyn
Published: (2018-10-01)

Summary-based method of implementing arbitrary context-sensitive checks for source-based analysis via symbolic execution
by: A. . Dergachev, et al.
Published: (2018-10-01)

Automated exploit generation method for stack buffer overflow vulnerabilities
by: V. A. Padaryan, et al.
Published: (2018-10-01)

Next generation intermediate representations for binary code analysis
by: M. A. Solovev, et al.
Published: (2019-02-01)

Static detection of error of double locking of mutex
by: Alexey Borodin
Published: (2018-10-01)

Vulnerabilities Detection via Static Taint Analysis
by: Nikita Vladimirovitch Chimtchik, et al.
Published: (2019-09-01)

Using static analysis for finding security vulnerabilities and critical errors in source code
by: Arutyun Avetisyan, et al.
Published: (2018-10-01)

Platform for interprocedural static analysis of binary code
by: H. K. Aslanyan
Published: (2018-12-01)

An approach of reachability determination for static analysis defects with help of dynamic symbolic execution
by: A. Y. Gerasimov, et al.
Published: (2018-10-01)

Interprocedural taint analysis for LLVM-bitcode
by: V. K. Koshelev, et al.
Published: (2018-10-01)

Supporting Java programming in the Svace static analyzer
by: A. P. Merkulov, et al.
Published: (2018-10-01)

Using different views java-programs for static analysis
by: E. A. Karpulevitch
Published: (2018-10-01)

Static analyzer Svace for finding of defects in program source code
by: V. P. Ivannikov, et al.
Published: (2018-10-01)

Survey on static program analysis results refinement approaches
by: A. Y. Gerasimov
Published: (2018-10-01)

Static Verification Tools for C Programs and Linux Device Drivers: A Survey
by: M. U. Mandrykin, et al.
Published: (2018-10-01)

Avalanche: adaptation of parallel and distributed computing for dynamic analysis to improve performance of defect detection
by: M. K. Ermakov, et al.
Published: (2018-10-01)

Memory violation detection method in binary code
by: V. V. Kaushan, et al.
Published: (2018-10-01)

Analyzing C/C++ code entities and relations for program understanding
by: A. . Belevantsev, et al.
Published: (2018-10-01)

Lightweight Static Analysis for Data Race Detection in Operating System Kernels
by: P. S. Andrianov, et al.
Published: (2018-10-01)

Mechanisms for extending the system of static analysis Svace by new types of detectors of vulnerabilities and critical errors
by: Arutyun Avetisyan, et al.
Published: (2018-10-01)

Chuvstvitel'nost' Ureaplasma urealyticum k antibiotikam
by: M V Shapran
Published: (2005-02-01)

Building security predicates for some types of vulnerabilities
by: A. N. Fedotov, et al.
Published: (2018-10-01)

A static approach to estimation of execution time of components in AADL models
by: A. M. Troitskiy, et al.
Published: (2018-10-01)

Input data generation for reaching specific function in program by iterative dynamic analysis
by: A. Y. Gerasimov, et al.
Published: (2018-10-01)

Automatic concurrency defect detection for Android applications
by: V. P. Ivannikov, et al.
Published: (2018-10-01)

Scalable code clone detection tool based on semantic analysis
by: Sevak Sargsyan, et al.
Published: (2018-10-01)