[22655] in bugtraq

Detecting Format-String Vulnerabilities with Type Qualifiers

daemon@ATHENA.MIT.EDU (aleph1@securityfocus.com)
Sun Sep 16 20:10:03 2001

Date: Sat, 15 Sep 2001 16:50:44 -0600
From: aleph1@securityfocus.com
To: secpapers@securityfocus.com
Cc: bugtraq@securityfocus.com
Message-ID: <20010915165044.E1818@securityfocus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Detecting Format-String Vulnerabilities with Type Qualifiers
Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, and David Wagner

We present a new system for automatically detecting format string security 
vulnerabilities in C programs using a constraint-based type-inference engine. 
We describe new techniques for presenting the results of such analysis to 
the user in a form that makes bugs easier to find and fix. The system has 
been implemented and tested on several real-world software packages. Our 
tests show that the system is very effective, detecting several bugs 
previously unknown to the authors and exhibiting a low rate of false 
positives in almost all cases. Many of our techniques are applicable to 
additional classes of security vulnerabilities, as well as other type- and 
constraint-based systems.

http://www.cs.berkeley.edu/~jfoster/papers/usenix01.ps.gz
http://www.cs.berkeley.edu/~jfoster/papers/usenix01.pdf

-- 
Elias Levy
SecurityFocus
http://www.securityfocus.com/
Si vis pacem, para bellum
