Skip to main content
SpringerLink
Log in

Value-Range Analysis of C Programs

Towards Proving the Absence of Buffer Overflow Vulnerabilities

  • Book
  • © 2008

Overview

Editors:
  1. Axel Simon
    View editor publications

    You can also search for this editor in PubMed   Google Scholar

  • Complete formal specification of a static analysis of a real-world programming language
  • New techniques to soundly handle the wrapping of integers, overlapping memory accesses and pointer arithmetic, thereby providing an analysis of C that is faithful to the bit-level
  • Includes supplementary material: sn.pub/extras

This is a preview of subscription content, log in via an institution to check access.

Access this book

Log in via an institution
eBook USD 129.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book USD 169.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Other ways to access

Licence this eBook for your library

Institutional subscriptions

Table of contents (15 chapters)

  1. Front Matter

    Pages i-xxii
    Download chapter PDF

    1. Introduction

      Pages 1-21

    2. A Semantics for C

      Pages 23-43

  3. Abstracting Soundly

    1. Front Matter

      Pages 46-46
      Download chapter PDF

    2. Abstract State Space

      Pages 47-70

    3. Taming Casting and Wrapping

      Pages 71-87

    4. Overlapping Memory Accesses and Pointers

      Pages 89-110

    5. Abstract Semantics

      Pages 111-124

  4. Ensuring Efficiency

    1. Front Matter

      Pages 126-126
      Download chapter PDF

    2. Planar Polyhedra

      Pages 127-146

    3. The TVPI Abstract Domain

      Pages 147-163

    4. The Integral TVPI Domain

      Pages 165-183

    5. Interfacing Analysis and Numeric Domain

      Pages 185-194

  5. Improving Precision

    1. Front Matter

      Pages 196-196
      Download chapter PDF

    2. Tracking String Lengths

      Pages 197-215

    3. Widening with Landmarks

      Pages 217-233

    4. Combining Points-to and Numeric Analyses

      Pages 235-258

    5. Implementation

      Pages 259-276

    6. Conclusion and Outlook

      Pages 277-279

  6. Back Matter

    Pages 281-300
    Download chapter PDF
Back to top

Keywords

About this book

Abu?erover?owoccurswheninputiswrittenintoamemorybu?erthatisnot large enough to hold the input. Bu?er over?ows may allow a malicious person to gain control over a computer system in that a crafted input can trick the defectiveprogramintoexecutingcodethatisencodedintheinputitself.They are recognised as one of the most widespread forms of security vulnerability, and many workarounds, including new processor features, have been proposed to contain the threat. This book describes a static analysis that aims to prove the absence of bu?er over?ows in C programs. The analysis is conservative in the sense that it locates every possible over?ow. Furthermore, it is fully automatic in that it requires no user annotations in the input program. Thekeyideaoftheanalysisistoinferasymbolicstateforeachp- gram point that describes the possible variable valuations that can arise at that point. The program is correct if the inferred values for array indices and pointer o?sets lie within the bounds of the accessed bu?er. The symbolic state consists of a ?nite set of linear inequalities whose feasible points induce a convex polyhedron that represents an approximation to possible variable valuations. The book formally describes how program operations are mapped to operations on polyhedra and details how to limit the analysis to those p- tionsofstructuresandarraysthatarerelevantforveri?cation.Withrespectto operations on string bu?ers, we demonstrate how to analyse C strings whose length is determined by anul character within the string.

Reviews

From the reviews:

"This book describes a static analysis that aims to prove the absence of buffer overflows in C programs. … The book formally describes how program operations are mapped to operations on polyhedra. … Many concepts presented here carry over to other languages such as Java or assembler. So it will be useful to any researcher and student with an interest in static analysis of real-world programming languages." (Stefan Meyer, Zentralblatt MATH, Vol. 1155, 2009)

Bibliographic Information

Publish with us

Policies and ethics

Back to top

Search

Navigation