Friday, Oct. 3, 2003
4:00 - 5:00 PM
1325 CS
Joint PL / Security Seminar
Connie Heitmeyer
Naval Research Laboratory
TBA
TBA
Cookies will be served at 3:45 PM in 1325 CS.
Wednesday, Oct. 22, 2003
4:30 - 5:15 PM
1325 CS
Vinod Ganapathy
University of Wisconsin, Madison
Computer Sciences Department
Buffer Overrun Detection Using Linear Programming and Static Analysis
We describe a technique to identify buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a lightweight analysis based on modeling C string manipulations as a linear program. We also present fast, scalable solvers based on linear programming, and demonstrate techniques to make the program analysis context sensitive. Based on these techniques, we built a prototype and used it to identify several vulnerabilities in popular security-critical applications.
Joint work with Somesh Jha, Univ. of Wisconsin, and David Chandler, David Melski and David Vitek, GrammaTech, Inc.
This is a practice talk for the ACM Conference on Computer and Communications Security (CCS 2003).