Improving computer security using extended static checking

被引:25
作者
Chess, BV [1 ]
机构
[1] Univ Calif Santa Cruz, Dept Comp Sci, Santa Cruz, CA 95064 USA
来源
2002 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS | 2002年
关键词
D O I
10.1109/SECPRI.2002.1004369
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
We describe a method for finding security flaws in source code by way, of static analysis. The method is notable because it allows a user to specify a wide range of security properties while also leveraging a set of pre-defined common flaws. It works by using an automated theorem prover to analyze verification conditions generated from C source code and a set of specifications that define security properties. We demonstrate that the method can be used to identify real vulnerabilities in real programs.
引用
收藏
页码:160 / 173
页数:14
相关论文
共 29 条
[1]  
Back Ralph-Johan, 1998, GRADUATE TEXTS COMPU
[2]  
BISHOP M, 1996, COMPUT SYST, V9, P132
[3]  
Cowan Crispin, 2001, P USENIX SEC S
[4]  
DETLEFS D, 1995, 4 FORM METH SOFTW PR
[5]  
DETLEFS DL, 1998, 159 COMP SYST RES CT
[6]  
DETLEFS DL, 1996, UNPUB SIMPLIFY ESC T
[7]  
Dijkstra E. W, 1976, A Discipline of Programming
[8]  
EVANS D, 1994, S FDN SOFTW ENG SIGS
[9]  
FLANAGAN C, 2001, S PRINC PROGR LANG A
[10]  
FLANAGAN D, 1996, JAVASCRIPT DEFINITIV
123