Proceedings Article10.1109/SECPRI.2002.1004369
Improving computer security using extended static checking
Brian Chess
- 12 May 2002
- pp 160-173
TL;DR: A method for finding security flaws in source code by way of static analysis that works by using an automated theorem prover to analyze verification conditions generated from C source code and a set of specifications that define security properties is described.
read more
Abstract: We describe a method for finding security flaws in source code by way of static analysis. The method is notable because it allows a user to specify a wide range of security properties while also leveraging a set of predefined common flaws. It works by using an automated theorem prover to analyze verification conditions generated from C source code and a set of specifications that define security properties. We demonstrate that the method can be used to identify real vulnerabilities in real programs.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
Semantics-aware malware detection
Mihai Christodorescu,Somesh Jha,Sanjit A. Seshia,Dawn Song,Randal E. Bryant +4 more
- 08 May 2005
TL;DR: Experimental evaluation demonstrates that the malware-detection algorithm can detect variants of malware with a relatively low run-time overhead and the semantics-aware malware detection algorithm is resilient to common obfuscations used by hackers.
Static analysis of executables to detect malicious patterns
Mihai Christodorescu,Somesh Jha +1 more
- 04 Aug 2003
TL;DR: An architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations is presented, and experimental results demonstrate the efficacy of the prototype tool, SAFE (a static analyzer for executables).
Security in embedded systems: Design challenges
TL;DR: An introduction to the challenges involved in secure embedded system design is provided, recent advances in addressing them are discussed, and opportunities for future research are identified.
Static Analysis for Security
Brian Chess,G. McGraw +1 more
TL;DR: This work looks at how to automate source-code security analysis with static analysis tools and finds a simple and efficient way to do so.
403
Static analysis for security
B. Chess,Gary McGraw +1 more
- 01 Nov 2004
TL;DR: This work looks at how to automate source-code security analysis with static analysis tools and finds a simple and efficient way to do so.
372
References
Proof-carrying code
George C. Necula
- 01 Jan 1997
TL;DR: It is shown in this paper how proof-carrying code might be used to develop safe assembly-language extensions of ML programs and the adequacy of concrete representations for the safety policy, the safety proofs, and the proof validation is proved.
1.9K
•Book
JavaScript: The Definitive Guide
David Flanagan,Paula Ferguson +1 more
- 01 Jan 1996
TL;DR: This Fifth Edition is completely revised and expanded to cover JavaScript as it is used in today's Web 2.0 applications, with new chapters that explain everything you need to know to get the most out of JavaScript.
723
A taxonomy of computer program security flaws
TL;DR: This survey provides a taxonomy for computer program security flaws, with an Appendix that documents 50 actual security flaws that provide a good introduction to the characteristics of security flaws and how they can arise.
Extended static checking
K. Rustan M. Leino
- 08 Jun 1998
TL;DR: This talk reports on some of the research results of and the current state of the Extended Static Checking project at DEC SRC.
Related Papers (5)
Ken Ashcraft,Dawson Engler +1 more
- 12 May 2002
John Viega,J.T. Bloch,Y. Kohno,Gary McGraw +3 more
- 11 Dec 2000
B. Chess,Gary McGraw +1 more
- 01 Nov 2004