Security '01 Abstract
Statically Detecting Likely Buffer Overflow Vulnerabilities
Larochelle, University of Virginia, Department of Computer Science
Buffer overflow attacks may be
today’s single most important security threat.
This paper presents a new approach to mitigating buffer overflow
vulnerabilities by detecting likely vulnerabilities through an analysis of the
program source code. Our approach
exploits information provided in semantic comments and uses lightweight and
efficient static analyses. This paper
describes an implementation of our approach that extends the LCLint
annotation-assisted static checking tool.
Our tool is as fast as a compiler and nearly as easy to use. We present experience using our approach to
detect buffer overflow vulnerabilities in two security-sensitive programs.
- View the full text of this paper in
The Proceedings are published as a collective work, © 2001 by the USENIX Association. All Rights Reserved. Rights
to individual papers remain with the author or the author's employer.
Permission is granted for the noncommercial reproduction of the complete
work for educational or research purposes. USENIX acknowledges all
trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.