A Case Study in Detecting Software Security Vulnerabilities Using Constraint Optimization

Florence, Italy November 10-December 10

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/SCAM.2001.972661

First IEEE International Workshop on ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Michael Weber Articles by Viren Shah Articles by Chris Ren

	ASCII Text	x
	Michael Weber, Viren Shah, Chris Ren, "A Case Study in Detecting Software Security Vulnerabilities Using Constraint Optimization," Source Code Analysis and Manipulation, IEEE International Workshop on, pp. 0003, First IEEE International Workshop on Source Code Analysis and Manipulation, 2001.

	BibTex	x
	@article{ 10.1109/SCAM.2001.972661, author = {Michael Weber and Viren Shah and Chris Ren}, title = {A Case Study in Detecting Software Security Vulnerabilities Using Constraint Optimization}, journal ={Source Code Analysis and Manipulation, IEEE International Workshop on}, volume = {0}, year = {2001}, isbn = {0-7695-1387-5}, pages = {0003}, doi = {http://doi.ieeecomputersociety.org/10.1109/SCAM.2001.972661}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Source Code Analysis and Manipulation, IEEE International Workshop on TI - A Case Study in Detecting Software Security Vulnerabilities Using Constraint Optimization SN - 0-7695-1387-5 SP EP A1 - Michael Weber, A1 - Viren Shah, A1 - Chris Ren, PY - 2001 KW - static analysis KW - buffer overflow KW - software security KW - software certification VL - 0 JA - Source Code Analysis and Manipulation, IEEE International Workshop on ER -

Michael Weber, Cigital, Inc.

Viren Shah, Cigital, Inc.

Chris Ren, Cigital, Inc.

We present a case study in static analysis, with a focus on static methods for detecting buffer overflow vulnerabilities in software. We describe in detail a tool called Mjolnir that we have developed which improves upon existing static analysis techniques for detecting buffer overflow. The architecture and process flow of this tool are presented. We discuss some common static analysis obstacles in terms of where they were encountered in developing this tool and the steps that were taken to overcome them. A prototype of the tool has been implemented and used for detecting buffer overflow vulnerabilities in C programs and experimental results are presented that demonstrate the effectiveness of the tool.

Index Terms:

static analysis, buffer overflow, software security, software certification

Citation:

Michael Weber, Viren Shah, Chris Ren, "A Case Study in Detecting Software Security Vulnerabilities Using Constraint Optimization," scam, pp.0003, First IEEE International Workshop on Source Code Analysis and Manipulation, 2001

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.