Add to ORKGIn recent years researchers have presented several tools for statically checking security properties of C code. But they all (currently) focus on one or two categories of security properties each. We have proposed dependence graphs decorated with type-cast and range information as a more generic formalism allowing both for visual communication with the programmer and static analysis checking several security properties at once. Our prototype tool GraphMatch currently checks code for input validation flaws. But several research questions are still open. Most importantly we need to address the complexity of our algorithm for pattern matching graphs, the accuracy of our security models, and the generality of our formalism. Other questions rega...
AbstractDetecting source code vulnerabilities is an essential issue today. In this paper, to improve...
This thesis contributes to three research areas in software security, namely security requirements a...
This dissertation is a case study of type safety with respect to the C programming language. In shor...
In this paper we discuss the problem of modeling security properties, including what we call the dua...
Abstract—The vast majority of security breaches encountered today are a direct result of insecure co...
Abstract—The vast majority of security breaches encountered today are a direct result of insecure co...
We describe a new technique for finding potential buffer overrun vulnerabilities in security-critica...
We check statically whether it is safe for untrusted foreign machine code to be loaded into a truste...
We present a new system for automatically detecting format string security vulnerabilities in C prog...
We check statically whether it is safe for untrusted foreign machine code to be loaded into a truste...
We describe a new technique for finding potential buffer overrun vulnerabilities in security-critica...
This paper describes the design and implementation of a lightweight static security analyzer that ex...
This paper describes the design and implementation of a lightweight static security analyzer that ex...
This paper addresses the issue of identifiing buffer overrun vulnerabilities by statically analyzing...
AbstractDetecting source code vulnerabilities is an essential issue today. In this paper, to improve...
AbstractDetecting source code vulnerabilities is an essential issue today. In this paper, to improve...
This thesis contributes to three research areas in software security, namely security requirements a...
This dissertation is a case study of type safety with respect to the C programming language. In shor...
In this paper we discuss the problem of modeling security properties, including what we call the dua...
Abstract—The vast majority of security breaches encountered today are a direct result of insecure co...
Abstract—The vast majority of security breaches encountered today are a direct result of insecure co...
We describe a new technique for finding potential buffer overrun vulnerabilities in security-critica...
We check statically whether it is safe for untrusted foreign machine code to be loaded into a truste...
We present a new system for automatically detecting format string security vulnerabilities in C prog...
We check statically whether it is safe for untrusted foreign machine code to be loaded into a truste...
We describe a new technique for finding potential buffer overrun vulnerabilities in security-critica...
This paper describes the design and implementation of a lightweight static security analyzer that ex...
This paper describes the design and implementation of a lightweight static security analyzer that ex...
This paper addresses the issue of identifiing buffer overrun vulnerabilities by statically analyzing...
AbstractDetecting source code vulnerabilities is an essential issue today. In this paper, to improve...
AbstractDetecting source code vulnerabilities is an essential issue today. In this paper, to improve...
This thesis contributes to three research areas in software security, namely security requirements a...
This dissertation is a case study of type safety with respect to the C programming language. In shor...