Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs

@inproceedings{Ceesay2006UsingTQ,
  title={Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs},
  author={Ebrima N. Ceesay and Jingmin Zhou and Michael Gertz and Karl N. Levitt and Matt Bishop},
  booktitle={DIMVA},
  year={2006}
}
Incomplete or improper input validation is one of the major sources of security bugs in programs. While traditional approaches often focus on detecting string related buffer overflow vulnerabilities, we present an approach to automatically detect potential integer misuse, such as integer overflows in C programs. Our tool is based on CQual, a static analysis tool using type theory. Our techniques have been implemented and tested on several widely used open source applications. Using the tool, we… CONTINUE READING

Citations

Publications citing this paper.
Showing 1-10 of 12 extracted citations

References

Publications referenced by this paper.
Showing 1-10 of 29 references

Gd graphics library

  • Boutell.com
  • http://www.boutell.com/gd/
  • 2004
Highly Influential
2 Excerpts

Icat vulnerability statistics

  • The ICAT team
  • http://icat.nist.gov/icat.cfm?function=statistics
  • 2005
1 Excerpt

Gd: Integer overflow

  • Gentoo Linux
  • Security Advisory GLSA 200411-08
  • 2004
1 Excerpt

Gdkpixbuf ico parser contains a integer overflow vulnerability

  • CERT
  • Vulnerability Note VU#577654
  • 2004
1 Excerpt

Gdkpixbuf xpm parser contains a heap overflow vulnerability

  • CERT
  • Vulnerability Note VU#729894
  • 2004
2 Excerpts

Integer handling with the c++ safeint class

  • D. LeBlanc
  • http://msdn.microsoft. com/library/en-us/dncode…
  • 2004
2 Excerpts

Similar Papers

Loading similar papers…