Using Type Qualifiers to Analyze Untrusted Integers and Detecting Security Flaws in C Programs

  • Ebrima N. Ceesay
  • Jingmin Zhou
  • Michael Gertz
  • Karl Levitt
  • Matt Bishop
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4064)

Abstract

Incomplete or improper input validation is one of the major sources of security bugs in programs. While traditional approaches often focus on detecting string related buffer overflow vulnerabilities, we present an approach to automatically detect potential integer misuse, such as integer overflows in C programs. Our tool is based on CQual, a static analysis tool using type theory. Our techniques have been implemented and tested on several widely used open source applications. Using the tool, we found known and unknown integer related vulnerabilities in these applications.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Ebrima N. Ceesay
    • 1
  • Jingmin Zhou
    • 1
  • Michael Gertz
    • 1
  • Karl Levitt
    • 1
  • Matt Bishop
    • 1
  1. 1.Computer Security LaboratoryUniversity of California at DavisDavisUSA

Personalised recommendations