Axel Simon

Value-Range Analysis of C Programs (eBook, PDF)

Towards Proving the Absence of Buffer Overflow Vulnerabilities

• Format: PDF

Produktbeschreibung

The use of static analysis techniques to prove the partial correctness of C code has recently attracted much attention due to the high cost of software errors - particularly with respect to security vulnerabilities. However, research into new analysis techniques is often hampered by the technical difficulties of analysing accesses through pointers, pointer arithmetic, coercion between types, integer wrap-around and other low-level behaviour. Axel Simon provides a concise, yet formal description of a value-range analysis that soundly approximates the semantics of C programs using systems of linear inequalities (polyhedra).

The analysis is formally specified down to the bit-level while providing a precise approximation of all low-level aspects of C using polyhedral operations and, as such, it provides a basis for implementing new analyses that are aimed at verifying higher-level program properties precisely. One example of such an analysis is the tracking of the NUL position in C string buffers, which is shown as an extension to the basic analysis and which thereby demonstrates the modularity of the approach.

While the book focuses on a sound analysis of C, it will be useful to any researcher and student with an interest in static analysis of real-world programming languages. In fact, many concepts presented here carry over to other languages such as Java or assembler, to other applications such as taint analysis, array and shape analysis and possibly even to other approaches such as run-time verification and test data generation.

---

Dieser Download kann aus rechtlichen Gründen nur mit Rechnungsadresse in A, B, BG, CY, CZ, D, DK, EW, E, FIN, F, GR, HR, H, IRL, I, LT, L, LR, M, NL, PL, P, R, S, SLO, SK ausgeliefert werden.

Produktdetails

• Verlag: Springer London
• Seitenzahl: 302
• Erscheinungstermin: 10. März 2010
• Englisch
• ISBN-13: 9781848000179
• Artikelnr.: 37346409

Inhaltsangabe

From the Contents: Preface.- Introduction.-Value Range Analysis.- Analysing C.- A Semantics for C.- Core C.- Related Work.- Part 1 Abstracting Soundly.- Abstract State Space.- Points-To Analysis.- Numeric Domains.- Taming Casting and Wrapping.- A Language Featuring Finite Integer Arithmetic.- Implicit Wrapping of Polyhedral Variables.- Explicit Wrapping of Polyhedral Variables.- An Abstract Semantics for SubC.- Discussion.- Overlapping Memory Accesses and Pointers.- Memory as a Set of Fields.- Mixing Values and Pointers.- Abstraction Relation.- Abstract Semantics.- Part II Ensuring Efficiency.- Planar Polyhedra.- Operations on Inequalities.- Operations on Sets of Inequalities.- The TVPI Abstract Domain.- The Integral TVPI Domain.- Interfacing Analysis and Numeric Domain.- Inferring Relevant Fields and Addresses.- Applying Widening in Fixpoint Calculations.- Part III Improving Precision.- Tracking String Lengths.- Widening with Landmarks .- Combining Points-To and Numeric Analysis.- Conclusion and Outlook

Rezensionen

From the reviews:

"This book describes a static analysis that aims to prove the absence of buffer overflows in C programs. ... The book formally describes how program operations are mapped to operations on polyhedra. ... Many concepts presented here carry over to other languages such as Java or assembler. So it will be useful to any researcher and student with an interest in static analysis of real-world programming languages." (Stefan Meyer, Zentralblatt MATH, Vol. 1155, 2009)