Andreea Bican, Răzvan Deaconescu, W. Chin, Quang-Trung Ta
{"title":"C程序中C缓冲区溢出的验证","authors":"Andreea Bican, Răzvan Deaconescu, W. Chin, Quang-Trung Ta","doi":"10.1109/ROEDUNET.2018.8514126","DOIUrl":null,"url":null,"abstract":"Buffer overflow attacks are a persisting security threat in C programs. The C Standard library provides functions for string handling that lack any bound checks. This paper presents astatic approach for buffer overflow detection by identifying the likely vulnerabilities through an analysis of the source code. We defined a set of predicates, based on the function’s specifications, that determine whether the operation is safe or not. This paper describes an implementation of the approach as an extension of HIP/SLEEK, an automated verification system basedon the separation logic. The static buffer overflow detector proved to have good results even in tricky cases, such as pointer aliasing and overlapping memory.","PeriodicalId":407088,"journal":{"name":"2018 17th RoEduNet Conference: Networking in Education and Research (RoEduNet)","volume":"168 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Verification of C Buffer Overflows in C Programs\",\"authors\":\"Andreea Bican, Răzvan Deaconescu, W. Chin, Quang-Trung Ta\",\"doi\":\"10.1109/ROEDUNET.2018.8514126\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Buffer overflow attacks are a persisting security threat in C programs. The C Standard library provides functions for string handling that lack any bound checks. This paper presents astatic approach for buffer overflow detection by identifying the likely vulnerabilities through an analysis of the source code. We defined a set of predicates, based on the function’s specifications, that determine whether the operation is safe or not. This paper describes an implementation of the approach as an extension of HIP/SLEEK, an automated verification system basedon the separation logic. The static buffer overflow detector proved to have good results even in tricky cases, such as pointer aliasing and overlapping memory.\",\"PeriodicalId\":407088,\"journal\":{\"name\":\"2018 17th RoEduNet Conference: Networking in Education and Research (RoEduNet)\",\"volume\":\"168 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 17th RoEduNet Conference: Networking in Education and Research (RoEduNet)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ROEDUNET.2018.8514126\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 17th RoEduNet Conference: Networking in Education and Research (RoEduNet)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ROEDUNET.2018.8514126","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Buffer overflow attacks are a persisting security threat in C programs. The C Standard library provides functions for string handling that lack any bound checks. This paper presents astatic approach for buffer overflow detection by identifying the likely vulnerabilities through an analysis of the source code. We defined a set of predicates, based on the function’s specifications, that determine whether the operation is safe or not. This paper describes an implementation of the approach as an extension of HIP/SLEEK, an automated verification system basedon the separation logic. The static buffer overflow detector proved to have good results even in tricky cases, such as pointer aliasing and overlapping memory.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
