A case study in detecting software security vulnerabilities using constraint optimization

  title={A case study in detecting software security vulnerabilities using constraint optimization},
  author={Michael Weber and Viren Shah and Chris Ren},
In this paper we present a case study in static analysis, with a focus on static methods for detecting buffer overflow vulnerabilities in software. We describe in detail a tool called Mjolnir that we have developed which improves upon existing static analysis techniques for detecting buffer overflow. The architecture and process flow of this tool are presented. We discuss some common static analysis obstacles in terms of where they were encountered in developing this tool and the steps that… CONTINUE READING

From This Paper

Figures, tables, and topics from this paper.


Publications citing this paper.
Showing 1-10 of 13 extracted citations

Classification of Static Analysis-Based Buffer Overflow Detectors

2010 Fourth International Conference on Secure Software Integration and Reliability Improvement Companion • 2010
View 10 Excerpts
Highly Influenced

Comparing Lexical Analysis Tools for Buffer Overflow Detection in Network Software

2006 1st International Conference on Communication Systems Software & Middleware • 2006
View 6 Excerpts
Highly Influenced

A Lightweight Security Analyzer inside GCC

2008 Third International Conference on Availability, Reliability and Security • 2008
View 4 Excerpts
Highly Influenced

Evaluating State-of-the-Art Free and Open Source Static Analysis Tools Against Buffer Errors in Android Apps

2017 IEEE International Conference on Software Maintenance and Evolution (ICSME) • 2017
View 2 Excerpts

Why Source Code Analysis and Manipulation Will Always be Important

2010 10th IEEE Working Conference on Source Code Analysis and Manipulation • 2010
View 2 Excerpts

On the Customization of Components: A Rule-Based Approach

IEEE Transactions on Knowledge and Data Engineering • 2007
View 1 Excerpt


Publications referenced by this paper.
Showing 1-10 of 10 references

Interprocedural slicing using dependency graphs

S. Horowitz, T. Reps, D. Binkley
ACM Transactions on Programming Languages and Systems, • 1990
View 4 Excerpts
Highly Influenced

Pioli . Which pointer analysis should I use

ACM SIGSOFT International Symposium on Software Testing and Analysis ( ISSTA • 2000

Towards certifying software for security

T. J. Walls, V. Shah, A. K. Ghosh
In International Software Assurance Certification Conference (ISACC • 2000
View 2 Excerpts

Similar Papers

Loading similar papers…