Proceedings Article
DOI: 10.1145/1029894.1029911
Testing static analysis tools using exploitable buffer overflows from open source code
Misha Zitser, Richard P. Lippmann, Tim Leek
- 31 Oct 2004
- Vol. 29, Iss: 6, pp 97-106
Abstract: Five modern static analysis tools (ARCHER, BOON, Poly-Space C Verifier, Splint, and UNO) were evaluated using source code examples containing 14 exploitable buffer overflow vulnerabilities found in various versions of Sendmail, BIND, and WU-FTPD. Each code example included a "BAD" case containing the buffer overflow and an "OK" case with the overflow patched. Buffer overflows varied and included stack, heap, bss and data buffers; access above and below buffer bounds; access using pointers, indices, and functions; and scope differences between buffer creation and use. Detection rates for the "BAD" examples were low except for Poly-Space and Splint, which had average detection rates of 87% and 57%, respectively. However, average false alarm rates for these two tools were high, roughly 50%. On patched programs these two tools produce one warning for every 12 to 46 lines of source code, and neither tool appears able to accurately distinguish between vulnerable and patched code.
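The abstract describes each test case as a BAD/OK pair that differs only in the bound check, with the buffer's storage class (stack, heap, bss, data), the access direction (above or below the bounds), the access method (pointer, index, function) and the creation/use scope varied across cases. The following is an added illustration of that pair structure, not code from the paper or from Sendmail, BIND or WU-FTPD; the buffer size BUFSZ, the function names and the copy and trim routines are assumptions chosen for the example. The BAD functions are deliberately left without bound checks to match the paper's "BAD" cases and must only be called with inputs that fit; the OK functions are the patched forms a tool should accept.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define BUFSZ 16   /* assumed destination size for this example */

/* BAD (deliberately vulnerable, mirroring the paper's "BAD" cases): the loop
 * terminates on the source NUL, never on the destination capacity, so a source
 * of BUFSZ or more bytes writes above the end of dst through an index.
 * Only call it with inputs that fit; it exists to sit beside copy_ok. */
size_t copy_bad(char *dst, const char *src)
{
    size_t i = 0;
    while (src[i] != '\0') {
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';
    return i;
}

/* OK: the patched form. The capacity of dst travels with the pointer and the
 * loop stops at dstsz - 1 so the terminator always fits. Returns bytes stored. */
size_t copy_ok(char *dst, size_t dstsz, const char *src)
{
    size_t i = 0;
    if (dstsz == 0)
        return 0;
    while (i < dstsz - 1 && src[i] != '\0') {
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';
    return i;
}

/* Access *below* the buffer: a trailing-whitespace trim that walks a pointer
 * backwards. The BAD form has no lower bound and reads before buf when the
 * string is empty or all whitespace; the OK form stops at index 0.
 * Both return the length of the trimmed string. */
size_t trim_bad(char *buf)
{
    char *p = buf + strlen(buf) - 1;   /* already below buf for "" */
    while (isspace((unsigned char)*p))
        p--;                            /* never compared against buf */
    p[1] = '\0';
    return (size_t)(p + 1 - buf);
}

size_t trim_ok(char *buf)
{
    size_t n = strlen(buf);
    while (n > 0 && isspace((unsigned char)buf[n - 1]))
        n--;
    buf[n] = '\0';
    return n;
}

/* Storage-class variants: the same callee (copy_ok) writes a buffer created in
 * a different scope, located on the stack, the heap, .bss or .data. */
static char g_data[BUFSZ] = "initialised";   /* .data */
static char g_bss[BUFSZ];                     /* .bss  */

size_t fill_stack(const char *src) { char buf[BUFSZ]; return copy_ok(buf, sizeof buf, src); }
size_t fill_heap(const char *src)
{
    char *buf = malloc(BUFSZ);
    size_t n = buf ? copy_ok(buf, BUFSZ, src) : 0;
    free(buf);
    return n;
}
size_t fill_bss(const char *src)  { return copy_ok(g_bss,  sizeof g_bss,  src); }
size_t fill_data(const char *src) { return copy_ok(g_data, sizeof g_data, src); }

/* Run each trim on a private, bounded copy of s so the two can be compared. */
size_t trimmed_len_ok(const char *s)  { char b[BUFSZ]; copy_ok(b, sizeof b, s); return trim_ok(b); }
size_t trimmed_len_bad(const char *s) { char b[BUFSZ]; copy_ok(b, sizeof b, s); return trim_bad(b); }
```

On inputs that fit, the BAD and OK functions return identical results, which is exactly why a tool that reports the same warning on both halves of a pair (the abstract's "one warning for every 12 to 46 lines" on patched code) has not actually distinguished vulnerable from patched code; a useful checker must flag copy_bad and trim_bad while accepting copy_ok and trim_ok.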
Citations
The C programming language
Brian W. Kernighan, Dennis M. Ritchie
- 01 Jan 1978
TL;DR: This ebook is the first authorized digital version of Kernighan and Ritchie's 1988 classic, The C Programming Language (2nd Ed.), and is a "must-have" reference for every serious programmer's digital library.
2.2K
Modeling and Discovering Vulnerabilities with Code Property Graphs
Fabian Yamaguchi, Nico Golde, Daniel Arp, Konrad Rieck
- 18 May 2014
TL;DR: This paper introduces a novel representation of source code called a code property graph that merges concepts of classic program analysis, namely abstract syntax trees, control flow graphs and program dependence graphs, into a joint data structure that enables it to elegantly model templates for common vulnerabilities with graph traversals that can identify buffer overflows, integer overflows, format string vulnerabilities, or memory disclosures.
LAVA: Large-Scale Automated Vulnerability Addition
Brendan Dolan-Gavitt, Patrick Hulin, Engin Kirda, Tim Leek, Andrea Mambretti, Wil Robertson, Frederick Ulrich, Ryan Whelan
- 22 May 2016
TL;DR: LAVA, a novel dynamic taint analysis-based technique for producing ground-truth corpora by quickly and automatically injecting large numbers of realistic bugs into program source code, forms the basis of an approach for generating large ground-truth vulnerability corpora on demand, enabling rigorous tool evaluation and providing a high-quality target for tool developers.
379
discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code.
Sebastian Eschweiler, Khaled Yakdan, Elmar Gerhards-Padilla
- 01 Jan 2016
TL;DR: A new approach to efficiently search for similar functions in binary code, called discovRE, that supports four instruction set architectures (x86, x64, ARM, MIPS) and is four orders of magnitude faster than the state-of-the-art academic approach for cross-architecture bug search in binaries.
338
Evaluating static analysis defect warnings on production software
Nathaniel Ayewah, William Pugh, J. David Morgenthaler, John Penix, YuQian Zhou
- 13 Jun 2007
TL;DR: FindBugs, a static analysis tool that finds defects in Java programs, is discussed and the kinds of warnings generated and the classification of warnings into false positives, trivial bugs and serious bugs are discussed.
References
•Book
Compilers: Principles, Techniques, and Tools
Alfred V. Aho, Ravi Sethi, Jeffrey D. Ullman
- 01 Jan 1986
TL;DR: This book discusses the design of a Code Generator, the role of the Lexical Analyzer, and other topics related to code generation and optimization.
9.7K
The C programming language
Brian W. Kernighan, Dennis M. Ritchie
- 01 Jan 1978
TL;DR: This ebook is the first authorized digital version of Kernighan and Ritchie's 1988 classic, The C Programming Language (2nd Ed.), and is a "must-have" reference for every serious programmer's digital library.
2.2K
•Proceedings Article
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
Crispin Cowan, Calton Pu, Dave Maier, Heather Hintony, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang
- 26 Jan 1998
TL;DR: StackGuard is described: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties, and a set of variations on the technique that trade-off between penetration resistance and performance.
Static determination of dynamic properties of programs
Patrick Cousot, Radhia Cousot
- 01 Jan 1976
623
ESP: path-sensitive program verification in polynomial time
Manuvir Das, Sorin Lerner, Mark C. Seigle
- 17 May 2002
TL;DR: This paper presents a new algorithm for partial program verification that runs in polynomial time and space, and shows that property simulation scales to large programs and is accurate enough to verify meaningful properties.