Improving security using extensible lightweight static analysis

被引:179
|
作者
Evans, D [1 ]
Larochelle, D [1 ]
机构
[1] Univ Virginia, Sch Engn & Appl Sci, Dept Comp Sci, Charlottesville, VA 22904 USA
来源
IEEE SOFTWARE | 2002年 / 19卷 / 01期
基金
美国国家科学基金会; 美国国家航空航天局;
关键词
Authentication protocols - Legacy code - Lightweight static analysis;
D O I
10.1109/52.976940
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
By David Evans and David Larochelle, pp. 42-51. Most security attacks exploit instances of well-known classes of implementation flaws. Developers could detect and eliminate many of these flaws before deploying the software, yet these problems persist with disturbing frequency-not because the security community doesn't sufficiently understand them but because techniques for preventing them have not been integrated into the software development process. This article describes an extensible tool that uses lightweight static analysis to detect common security vulnerabilities (including buffer overflows and format string vulnerabilities).
引用
收藏
页码:42 / +
页数:11
相关论文
共 50 条
  • [41] Improving spectral-based fault localization using static analysis
    Neelofar, Neelofar
    Naish, Lee
    Lee, Jason
    Ramamohanarao, Kotagiri
    [J]. SOFTWARE-PRACTICE & EXPERIENCE, 2017, 47 (11): : 1633 - 1655
  • [42] SEBASTiAn: A static and extensible black-box application security testing tool for iOS and Android applications
    Pagano, Francesco
    Romdhana, Andrea
    Caputo, Davide
    Verderame, Luca
    Merlo, Alessio
    [J]. SOFTWAREX, 2023, 23
  • [43] Lightweight Generics in Embedded Systems through Static Analysis
    Sallenave, Olivier
    Ducournau, Roland
    [J]. ACM SIGPLAN NOTICES, 2012, 47 (05) : 11 - 20
  • [44] Lightweight design and static analysis of lattice compressor impeller
    Yuan Zhang
    Fanchun Li
    Dejun Jia
    [J]. Scientific Reports, 10
  • [45] Security analysis of extensible authentication protocol methods based on AAA architecture
    Lee, Jong-Hyouk
    Jung, Su-Jin
    Han, Young-Ju
    Chung, Tai-Myoung
    [J]. RECENT PROGRESS IN COMPUTATIONAL SCIENCES AND ENGINEERING, VOLS 7A AND 7B, 2006, 7A-B : 1311 - 1314
  • [46] Lightweight design and static analysis of lattice compressor impeller
    Zhang, Yuan
    Li, Fanchun
    Jia, Dejun
    [J]. SCIENTIFIC REPORTS, 2020, 10 (01)
  • [47] Design of Lightweight and Extensible Tendon-Driven Continuum Robots using Origami Patterns
    Xu, Yunti
    Peyron, Quentin
    Kim, Jongwoo
    Burgner-Kahrs, Jessica
    [J]. 2021 IEEE 4TH INTERNATIONAL CONFERENCE ON SOFT ROBOTICS (ROBOSOFT), 2021, : 308 - 314
  • [48] Improving Software Quality with Static Analysis
    Foster, Jeffrey S.
    Hicks, Michael W.
    Pugh, William
    [J]. PASTE'07 PROCEEDINGS OF THE 2007 ACM SIGPLAN- SIGSOFT WORKSHOP ON PROGRAM ANALYSIS FOR SOFTWARE TOOLS & ENGINEERING, 2007, : 83 - 84
  • [49] MicroSensor: Towards an Extensible Tool for the Static Analysis of Microservices Systems in Continuous Integration
    Soares, Edson
    Paixao, Matheus
    Araujo, Allysson Allex
    [J]. COMPANION PROCEEDINGS OF THE 32ND ACM INTERNATIONAL CONFERENCE ON THE FOUNDATIONS OF SOFTWARE ENGINEERING, FSE COMPANION 2024, 2024, : 673 - 674
  • [50] Compressive behavior of auxetic structural metamaterial for lightweight construction using ANSYS static structural analysis
    Shruti, Medha
    Hemanth, Namana Sri
    Badgayan, Nitesh Dhar
    Sahu, Santosh Kumar
    [J]. MATERIALS TODAY-PROCEEDINGS, 2021, 38 : 12 - 17
12345