Joint PL / Security Seminar

Connie Heitmeyer (web)
Naval Research Laboratory (web)

TBA

TBA

 Cookies will be served at 3:45 PM in 1325 CS.

Vinod Ganapathy (web)
University of Wisconsin, Madison (web)
Computer Sciences Department (web)

Buffer Overrun Detection Using Linear Programming and Static Analysis

We describe a technique to identify buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as a linear program. We also present fast, scalable solvers based on linear programming, and demonstrate techniques to make the program analysis context sensitive. Based on these techniques, we built a prototype and used it to identify several vulnerabilities in popular security critical applications.

Joint work with Somesh Jha, Univ. of Wisconsin, and David Chandler, David Melski and David Vitek, Grammatech Inc.

This is a practice talk for the ACM Conference on Computer and Communications Security (CCS2003).