中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 软件所图书馆  > 会议论文
Title:
static analysis of format string vulnerabilities
Author: Han Wei ; Ren Mengfei ; Tian Shuo ; Ding Liping ; He Yeping
Source: Proceedings - 1st ACIS International Symposium on Software and Network Engineering, SSNE 2011
Conference Name: 1st ACIS International Symposium on Software and Network Engineering, SSNE 2011
Conference Date: December 19, 2011 - December 20, 2011
Issued Date: 2011
Conference Place: Seoul, Korea, Republic of
Keyword: C (programming language) ; Safety engineering
Indexed Type: EI
ISBN: 9780769546315
Department: (1) National Engineering Research Center for Fundamental Software Institute of Software Beijing China; (2) Graduate School Chinese Academy of Science Beijing China; (3) School of Information Science and Technology Shijiazhuang Tiedao University Hebei China; (4) International School of Software Wuhan University Hubei China
Sponsorship: International Association for; Computer and Information Science (ACIS); Seoul National University
Abstract: This paper presents a novel approach, based on static analysis, to detect format string vulnerabilities in C programs. Format string vulnerability is viewed as a finite state safety property. The analysis is expressed as a system of constraint describing how the safety state at one program point is related to the state at adjacent program points. Our analysis is inter-procedurally flow sensitive and intra-procedurally path sensitive. To avoid state space explosion in inter-procedural analysis, we use procedural summary instead of analyzing the called function holistically. The experimental results show that this method can effectively locate format string vulnerabilities in C programs. In comparison with other static approaches, ours can greatly reduce false positive. © 2011 IEEE.
English Abstract: This paper presents a novel approach, based on static analysis, to detect format string vulnerabilities in C programs. Format string vulnerability is viewed as a finite state safety property. The analysis is expressed as a system of constraint describing how the safety state at one program point is related to the state at adjacent program points. Our analysis is inter-procedurally flow sensitive and intra-procedurally path sensitive. To avoid state space explosion in inter-procedural analysis, we use procedural summary instead of analyzing the called function holistically. The experimental results show that this method can effectively locate format string vulnerabilities in C programs. In comparison with other static approaches, ours can greatly reduce false positive. © 2011 IEEE.
Language: 英语
Content Type: 会议论文
URI: http://ir.iscas.ac.cn/handle/311060/16298
Appears in Collections:软件所图书馆_会议论文

Files in This Item:

There are no files associated with this item.


Recommended Citation:
Han Wei,Ren Mengfei,Tian Shuo,et al. static analysis of format string vulnerabilities[C]. 见:1st ACIS International Symposium on Software and Network Engineering, SSNE 2011. Seoul, Korea, Republic of. December 19, 2011 - December 20, 2011.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[Han Wei]'s Articles
[Ren Mengfei]'s Articles
[Tian Shuo]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[Han Wei]‘s Articles
[Ren Mengfei]‘s Articles
[Tian Shuo]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2019  中国科学院软件研究所 - Feedback
Powered by CSpace