Improving security using extensible lightweight static analysis
- 7 August 2002
- journal article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Software
- Vol. 19 (1), 42-51
- https://doi.org/10.1109/52.976940
Abstract
Most security attacks exploit instances of well-known classes of implementation flaws. Developers could detect and eliminate many of these flaws before deploying the software, yet these problems persist with disturbing frequency, not because the security community doesn't sufficiently understand them but because techniques for preventing them have not been integrated into the software development process. This article describes an extensible tool that uses lightweight static analysis to detect common security vulnerabilities (including buffer overflows and format string vulnerabilities).
This publication has 6 references indexed in Scilit:
- Flexible policy-directed code safety. Published by Institute of Electrical and Electronics Engineers (IEEE), 2003
- ITS4: a static vulnerability scanner for C and C++ code. Published by Institute of Electrical and Electronics Engineers (IEEE), 2002
- Dynamically discovering likely program invariants to support program evolution. Published by Association for Computing Machinery (ACM), 1999
- Static detection of dynamic memory errors. Published by Association for Computing Machinery (ACM), 1996
- LCLint. Published by Association for Computing Machinery (ACM), 1994
- The undecidability of aliasing. ACM Transactions on Programming Languages and Systems, 1994