Articoli correlati a Value-Range Analysis of C Programs: Towards Proving...
Value-Range Analysis of C Programs: Towards Proving the Absence of Buffer Overflow Vulnerabilities - Rilegato
Sinossi
Abu?erover?owoccurswheninputiswrittenintoamemorybu?erthatisnot large enough to hold the input. Bu?er over?ows may allow a malicious person to gain control over a computer system in that a crafted input can trick the defectiveprogramintoexecutingcodethatisencodedintheinputitself.They are recognised as one of the most widespread forms of security vulnerability, and many workarounds, including new processor features, have been proposed to contain the threat. This book describes a static analysis that aims to prove the absence of bu?er over?ows in C programs. The analysis is conservative in the sense that it locates every possible over?ow. Furthermore, it is fully automatic in that it requires no user annotations in the input program. Thekeyideaoftheanalysisistoinferasymbolicstateforeachp- gram point that describes the possible variable valuations that can arise at that point. The program is correct if the inferred values for array indices and pointer o?sets lie within the bounds of the accessed bu?er. The symbolic state consists of a ?nite set of linear inequalities whose feasible points induce a convex polyhedron that represents an approximation to possible variable valuations. The book formally describes how program operations are mapped to operations on polyhedra and details how to limit the analysis to those p- tionsofstructuresandarraysthatarerelevantforveri?cation.Withrespectto operations on string bu?ers, we demonstrate how to analyse C strings whose length is determined by anul character within the string.
Le informazioni nella sezione "Riassunto" possono far riferimento a edizioni diverse di questo titolo.
Dalla quarta di copertina
The use of static analysis techniques to prove the partial correctness of C code has recently attracted much attention due to the high cost of software errors - particularly with respect to security vulnerabilities. However, research into new analysis techniques is often hampered by the technical difficulties of analysing accesses through pointers, pointer arithmetic, coercion between types, integer wrap-around and other low-level behaviour. Axel Simon provides a concise, yet formal description of a value-range analysis that soundly approximates the semantics of C programs using systems of linear inequalities (polyhedra).
The analysis is formally specified down to the bit-level while providing a precise approximation of all low-level aspects of C using polyhedral operations and, as such, it provides a basis for implementing new analyses that are aimed at verifying higher-level program properties precisely. One example of such an analysis is the tracking of the NUL position in C string buffers, which is shown as an extension to the basic analysis and which thereby demonstrates the modularity of the approach.
While the book focuses on a sound analysis of C, it will be useful to any researcher and student with an interest in static analysis of real-world programming languages. In fact, many concepts presented here carry over to other languages such as Java or assembler, to other applications such as taint analysis, array and shape analysis and possibly even to other approaches such as run-time verification and test data generation.
Le informazioni nella sezione "Su questo libro" possono far riferimento a edizioni diverse di questo titolo.
Compra nuovo
Visualizza questo articolo
EUR 137,26
EUR 9,70 per la spedizione da Germania a Italia
Destinazione, tempi e costiAltre edizioni note dello stesso titolo
Risultati della ricerca per Value-Range Analysis of C Programs: Towards Proving...
Immagini fornite dal venditore
Value-Range Analysis of C Programs
Print on DemandDa: moluna, Greven, Germania
Valutazione del venditore 5 su 5 stelle
Gebunden. Condizione: New. Dieser Artikel ist ein Print on Demand Artikel und wird nach Ihrer Bestellung fuer Sie gedruckt. Complete formal specification of a static analysis of a real-world programming languageNew techniques to soundly handle the wrapping of integers, overlapping memory accesses and pointer arithmetic, thereby providing an analysis of C that is f. Codice articolo 4286326
Quantità: Più di 20 disponibili
Foto dell'editore
Value-Range Analysis of C Programs: Towards Proving the Absence of Buffer Overflow Vulnerabilities
Da: Ria Christie Collections, Uxbridge, Regno Unito
Valutazione del venditore 5 su 5 stelle
Condizione: New. In. Codice articolo ria9781848000162_new
Quantità: Più di 20 disponibili
Immagini fornite dal venditore
Value-Range Analysis of C Programs : Towards Proving the Absence of Buffer Overflow Vulnerabilities
Da: GreatBookPrices, Columbia, MD, U.S.A.
Valutazione del venditore 5 su 5 stelle
Condizione: New. Codice articolo 5598179-n
Quantità: 1 disponibili
Immagini fornite dal venditore
Value-Range Analysis of C Programs : Towards Proving the Absence of Buffer Overflow Vulnerabilities
Da: GreatBookPricesUK, Woodford Green, Regno Unito
Valutazione del venditore 5 su 5 stelle
Condizione: New. Codice articolo 5598179-n
Quantità: Più di 20 disponibili
Foto dell'editore
VALUE-RANGE ANALYSIS OF C PROGRAMS (HB)
Da: UK BOOKS STORE, London, LONDO, Regno Unito
Valutazione del venditore 5 su 5 stelle
Condizione: New. Brand New! Fast Delivery US Edition and ship within 24-48 hours. Deliver by FedEx and Dhl, & Aramex, UPS, & USPS and we do accept APO and PO BOX Addresses. Order can be delivered worldwide within 7-10 days and we do have flat rate for up to 2LB. Extra shipping charges will be requested if the Book weight is more than 5 LB. This Item May be shipped from India, United states & United Kingdom. Depending on your location and availability. Codice articolo CBS 9781848000162
Quantità: 1 disponibili
Foto dell'editore
VALUE-RANGE ANALYSIS OF C PROGRAMS (HB)
Da: URW Books Store, CASPER, WY, U.S.A.
Valutazione del venditore 5 su 5 stelle
Condizione: Brand New. Brand New! Fast Delivery, Delivery With In 7-10 working Day Only , USA Edition Original Edition. Excellent Quality, Printing In English Language, Quick delivery by FEDEX & DHL. USPS & UPS Act. Our courier service is not available at PO BOX& APO BOX. Ship from India & United States. Codice articolo CBSBOOKS54075
Quantità: 1 disponibili
Immagini fornite dal venditore
Value-Range Analysis of C Programs : Towards Proving the Absence of Buffer Overflow Vulnerabilities
Da: GreatBookPrices, Columbia, MD, U.S.A.
Valutazione del venditore 5 su 5 stelle
Condizione: As New. Unread book in perfect condition. Codice articolo 5598179
Quantità: 1 disponibili
Immagini fornite dal venditore
Value-Range Analysis of C Programs : Towards Proving the Absence of Buffer Overflow Vulnerabilities
Da: GreatBookPricesUK, Woodford Green, Regno Unito
Valutazione del venditore 5 su 5 stelle
Condizione: As New. Unread book in perfect condition. Codice articolo 5598179
Quantità: Più di 20 disponibili
Foto dell'editore
Value-Range Analysis of C Programs: Towards Proving the Absence of Buffer Overflow Vulnerabilities
Da: Lucky's Textbooks, Dallas, TX, U.S.A.
Valutazione del venditore 5 su 5 stelle
Condizione: New. Codice articolo ABLIING23Mar2912160247802
Quantità: Più di 20 disponibili
Immagini fornite dal venditore
Value-Range Analysis of C Programs : Towards Proving the Absence of Buffer Overflow Vulnerabilities
Da: AHA-BUCH GmbH, Einbeck, Germania
Valutazione del venditore 5 su 5 stelle
Buch. Condizione: Neu. Neuware - Abu erover owoccurswheninputiswrittenintoamemorybu erthatisnot large enough to hold the input. Bu er over ows may allow a malicious person to gain control over a computer system in that a crafted input can trick the defectiveprogramintoexecutingcodethatisencodedintheinputitself.They are recognised as one of the most widespread forms of security vulnerability, and many workarounds, including new processor features, have been proposed to contain the threat. This book describes a static analysis that aims to prove the absence of bu er over ows in C programs. The analysis is conservative in the sense that it locates every possible over ow. Furthermore, it is fully automatic in that it requires no user annotations in the input program. Thekeyideaoftheanalysisistoinferasymbolicstateforeachp- gram point that describes the possible variable valuations that can arise at that point. The program is correct if the inferred values for array indices and pointer o sets lie within the bounds of the accessed bu er. The symbolic state consists of a nite set of linear inequalities whose feasible points induce a convex polyhedron that represents an approximation to possible variable valuations. The book formally describes how program operations are mapped to operations on polyhedra and details how to limit the analysis to those p- tionsofstructuresandarraysthatarerelevantforveri cation.Withrespectto operations on string bu ers, we demonstrate how to analyse C strings whose length is determined by anul character within the string. Codice articolo 9781848000162
Quantità: 2 disponibili