
Value-range analysis of C programs: towards proving the absence of buffer overflow vulnerabilities
Simon, A.
Value-Range Analysis of C Programs describes a static analysis for detecting buffer overflows. A buffer overflow in a C program occurs when input whose length exceeds that of the buffer is read into a memory buffer. Overflows usually lead to crashes and may even enable a malicious person to gain control over a computer system. They are recognised as one of the most widespread forms of computer vulnerability. Based on the analysis of a standard mail-forwarding program, necessary refinements of the basic analysis are examined, thereby paving the way for an analysis that is precise enough to prove the absence of buffer overflows in legacy C code.

- Complete formal specification of a static analysis of a real-world programming language
- New techniques to soundly handle the wrapping of integers, overlapping memory accesses and pointer arithmetic, thereby providing an analysis of C that is faithful to the bit-level

CONTENTS: From the contents: Preface.- Introduction.- Value Range Analysis.- Analysing C.- A Semantics for C.- Core C.- Related Work.- Part I Abstracting Soundly.- Abstract State Space.- Points-To Analysis.- Numeric Domains.- Taming Casting and Wrapping.- A Language Featuring Finite Integer Arithmetic.- Implicit Wrapping of Polyhedral Variables.- Explicit Wrapping of Polyhedral Variables.- An Abstract Semantics for SubC.- Discussion.- Overlapping Memory Accesses and Pointers.- Memory as a Set of Fields.- Mixing Values and Pointers.- Abstraction Relation.- Abstract Semantics.- Part II Ensuring Efficiency.- Planar Polyhedra.- Operations on Inequalities.- Operations on Sets of Inequalities.- The TVPI Abstract Domain.- The Integral TVPI Domain.- Interfacing Analysis and Numeric Domain.- Inferring Relevant Fields and Addresses.- Applying Widening in Fixpoint Calculations.- Part III Improving Precision.- Tracking String Lengths.- Widening with Landmarks.- Combining Points-To and Numeric Analysis.- Conclusion and Outlook

- ISBN: 978-1-84800-016-2
- Publisher: Springer
- Binding: Hardcover
- Pages: 315
- Publication date: 01/10/2008
- No. of volumes: 1
- Language: English