Improving security using extensible lightweight static analysis

Cited by: 179
Authors
Evans, D [1]
Larochelle, D [1]
Affiliation
[1] Univ Virginia, Sch Engn & Appl Sci, Dept Comp Sci, Charlottesville, VA 22904 USA
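Funding
US National Science Foundation; US National Aeronautics and Space Administration (NASA);
Keywords
Authentication protocols - Legacy code - Lightweight static analysis;
DOI
10.1109/52.976940
Chinese Library Classification (CLC) number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract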
By David Evans and David Larochelle, pp. 42-51. Most security attacks exploit instances of well-known classes of implementation flaws. Developers could detect and eliminate many of these flaws before deploying the software, yet these problems persist with disturbing frequency, not because the security community doesn't sufficiently understand them but because techniques for preventing them have not been integrated into the software development process. This article describes an extensible tool that uses lightweight static analysis to detect common security vulnerabilities (including buffer overflows and format string vulnerabilities).
Pages: 42 / +
Page count: 11
Related papers
50 in total
  • [1] ALETHEIA: Improving the Usability of Static Security Analysis
    Tripp, Omer
    Guarnieri, Salvatore
    Pistoia, Marco
    Aravkin, Aleksandr
    [J]. CCS'14: PROCEEDINGS OF THE 21ST ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2014, : 762 - 774
  • [2] Improving computer security using extended static checking
    Chess, BV
    [J]. 2002 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS, 2002, : 160 - 173
  • [3] Improving the Security of LBlock Lightweight Algorithm using Bit Permutation
    AlDabbagh, Sufyan Salim Mahmood
    Al Shaikhli, Imad Fakhri Taha
    [J]. 2013 INTERNATIONAL CONFERENCE ON ADVANCED COMPUTER SCIENCE APPLICATIONS AND TECHNOLOGIES (ACSAT), 2014, : 296 - 299
  • [4] AN EXTENSIBLE STATIC ANALYSIS METHOD USING DEFECTS DESCRIPTION LANGUAGE
    Zhu Tian-qing
    [J]. DCABES 2009: THE 8TH INTERNATIONAL SYMPOSIUM ON DISTRIBUTED COMPUTING AND APPLICATIONS TO BUSINESS, ENGINEERING AND SCIENCE, PROCEEDINGS, 2009, : 382 - 385
  • [5] Improving the Security of Downloadable Java Applications With Static Analysis
    Cregut, Pierre
    Alvarado, Cuihtlauac
    [J]. ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2005, 141 (01) : 129 - 144
  • [6] Efficient and Extensible Security Enforcement Using Dynamic Data Flow Analysis
    Chang, Walter
    Streiff, Brandon
    Lin, Calvin
    [J]. CCS'08: PROCEEDINGS OF THE 15TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2008, : 39 - 50
  • [7] Static security analysis using pipeline decomposition
    Alves, AB
    Monticelli, A
    [J]. IEE PROCEEDINGS-GENERATION TRANSMISSION AND DISTRIBUTION, 1998, 145 (02) : 105 - 110
  • [8] Using Static Analysis for Enhancing HLS Security
    Collini, Luca
    Ah-Kiow, Joey
    Pilato, Christian
    Karri, Ramesh
    Tan, Benjamin
    [J]. IEEE EMBEDDED SYSTEMS LETTERS, 2024, 16 (02) : 166 - 169
  • [9] InfERL: Scalable and Extensible Erlang Static Analysis
    Hajdu, Akos
    Marescotti, Matteo
    Suzanne, Thibault
    Mao, Ke
    Grigore, Radu
    Gustafsson, Per
    Distefano, Dino
    [J]. PROCEEDINGS OF THE 21ST ACM SIGPLAN INTERNATIONAL WORKSHOP ON ERLANG, ERLANG 2022, 2022, : 33 - 39
  • [10] A lightweight hierarchical method for improving security in the internet of things using fuzzy logic
    Doostani, Shadi
    Barati, Hamid
    Barati, Ali
    [J]. CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE, 2024, 36 (06):