A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities
David Wagner, Jeffrey S. Foster, Eric A. Brewer, and Alexander Aiken
Networking and Distributed System Security Symposium (NDSS). San Diego, California. February 2000.

We describe a new technique for finding potential buffer overrun vulnerabilities in security-critical C code. The key to success is to use static analysis: we formulate detection of buffer overruns as an integer range analysis problem. One major advantage of static analysis is that security bugs can be eliminated before code is deployed. We have implemented our design and used our prototype to find new remotely-exploitable vulnerabilities in a large, widely deployed software package. An earlier hand audit missed these bugs.

[ pdf | ps.gz ]