Buffer overrun detection using linear programming and static analysis 

Originally published here.

Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003, Washington, DC, USA, October 27-30, 2003


Vinod Ganapathy, Somesh Jha, David Chandler, David Melski and David Vitek


This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as a linear program. We also present fast, scalable solvers based on linear programming, and demonstrate techniques to make the program analysis context-sensitive. Based on these techniques, we built a prototype and used it to identify several vulnerabilities in popular security-critical applications.
