Security '01 Abstract
Detecting Format String Vulnerabilities with Type Qualifiers
Umesh Shankar, Kunal Talwar, Jeffrey S. Foster and David Wagner, University of California at Berkeley
We present a new system for automatically detecting format string
security vulnerabilities in C programs using a constraint-based
type-inference engine. We describe new techniques for presenting the
results of such an analysis to the user in a form that makes bugs
easier to find and to fix. The system has been implemented and tested
on several real-world software packages. Our tests show that the
system is very effective, detecting several bugs previously unknown to
the authors and exhibiting a low rate of false positives in almost all
cases. Many of our techniques are applicable to additional classes of
security vulnerabilities, as well as other type- and constraint-based
The Proceedings are published as a collective work, © 2001 by the USENIX Association. All Rights Reserved. Rights
to individual papers remain with the author or the author's employer.
Permission is granted for the noncommercial reproduction of the complete
work for educational or research purposes. USENIX acknowledges all
trademarks within this paper.