Atnaujinkite slapukų nuostatas

Value-Range Analysis of C Programs: Towards Proving the Absence of Buffer Overflow Vulnerabilities 2008 ed. [Kietas viršelis]

2.00/5 (2 ratings by Goodreads)
  • Formatas: Hardback, 302 pages, aukštis x plotis: 235x155 mm, weight: 1390 g, 119 Illustrations, black and white; XXII, 302 p. 119 illus., 1 Hardback
  • Išleidimo metai: 26-Jun-2008
  • Leidėjas: Springer London Ltd
  • ISBN-10: 1848000162
  • ISBN-13: 9781848000162
Kitos knygos pagal šią temą:
Value-Range Analysis of C Programs: Towards Proving the Absence of Buffer Overflow Vulnerabilities 2008 ed.Didesnis paveikslėlis
  • Formatas: Hardback, 302 pages, aukštis x plotis: 235x155 mm, weight: 1390 g, 119 Illustrations, black and white; XXII, 302 p. 119 illus., 1 Hardback
  • Išleidimo metai: 26-Jun-2008
  • Leidėjas: Springer London Ltd
  • ISBN-10: 1848000162
  • ISBN-13: 9781848000162
Kitos knygos pagal šią temą:
Pastovi nuoroda: https://www.kriso.lt/db/9781848000162.html
Raktažodžiai:
Abu erover owoccurswheninputiswrittenintoamemorybu erthatisnot large enough to hold the input. Bu er over ows may allow a malicious person to gain control over a computer system in that a crafted input can trick the defectiveprogramintoexecutingcodethatisencodedintheinputitself.They are recognised as one of the most widespread forms of security vulnerability, and many workarounds, including new processor features, have been proposed to contain the threat. This book describes a static analysis that aims to prove the absence of bu er over ows in C programs. The analysis is conservative in the sense that it locates every possible over ow. Furthermore, it is fully automatic in that it requires no user annotations in the input program. Thekeyideaoftheanalysisistoinferasymbolicstateforeachp- gram point that describes the possible variable valuations that can arise at that point. The program is correct if the inferred values for array indices and pointer o sets lie within the bounds of the accessed bu er. The symbolic state consists of a ?nite set of linear inequalities whose feasible points induce a convex polyhedron that represents an approximation to possible variable valuations. The book formally describes how program operations are mapped to operations on polyhedra and details how to limit the analysis to those p- tionsofstructuresandarraysthatarerelevantforveri cation.Withrespectto operations on string bu ers, we demonstrate how to analyse C strings whose length is determined by anul character within the string.

Recenzijos

From the reviews:









"This book describes a static analysis that aims to prove the absence of buffer overflows in C programs. The book formally describes how program operations are mapped to operations on polyhedra. Many concepts presented here carry over to other languages such as Java or assembler. So it will be useful to any researcher and student with an interest in static analysis of real-world programming languages." (Stefan Meyer, Zentralblatt MATH, Vol. 1155, 2009)

Preface vii
Contributions xvii
List of Figures
xix
Introduction
1(22)
Technical Background
2(2)
Value-Range Analysis
4(2)
Analysing C
6(1)
Soundness
7(4)
An Abstraction of C
7(1)
Combining Value and Content Abstraction
8(1)
Combining Pointer and Value-Range Analysis
9(2)
Efficiency
11(4)
Completeness
15(3)
Analysing String Buffers
16(1)
Widening with Landmarks
16(1)
Refining Points-to Analysis
17(1)
Further Refinements
17(1)
Related Tools
18(5)
The Astree Analyser
18(1)
SLAM and ESPX
19(1)
CCured
20(1)
Other Approaches
20(3)
A Semantics for C
23(24)
Core C
23(5)
Preliminaries
28(1)
The Environment
28(4)
Concrete Semantics
32(5)
Collecting Semantics
37(5)
Related Work
42(5)
Part I Abstracting Soundly
Abstract State Space
47(24)
An Introductory Example
48(3)
Points-to Analysis
51(5)
The Points-to Abstract Domain
54(1)
Related Work
55(1)
Numeric Domains
56(15)
The Domain of Convex Polyhedra
56(3)
Operations on Polyhedra
59(3)
Multiplicity Domain
62(3)
Combining the Polyhedral and Multiplicity Domains
65(3)
Related Work
68(3)
Taming Casting and Wrapping
71(18)
Modelling the Wrapping of Integers
72(2)
A Language Featuring Finite Integer Arithmatic
74(2)
The Syntax of Sub C
74(1)
The Semantifs of Sub C
75(1)
Polyhedral Analysis of Finite Integers
76(1)
Implict Wrapping of Polyhedral Variables
77(1)
Explict Wrapping of Polyhedral Variables
78(5)
Wrapping Variables with a Finite Range
78(2)
Wrapping Variables with Infinite Ranges
80(1)
Wrapping Several Variables
80(2)
An Algorithm for Explicit Wrapping
82(1)
An Abstract Semantics for Sub C
83(3)
Discussion
86(3)
Related Work
87(2)
Overlapping Memory Accesses and Pointers
89(22)
Memory as a Set of Fields
89(4)
Memory Layout for Core C
90(3)
Access Trees
93(7)
Related Work
99(1)
Mixing Values and Pointers
100(6)
Abstraction Relation
106(5)
On Choosing an Abstraction Framework
108(3)
Abstract Semantics
111(16)
Expressions and Simple Assignments
116(2)
Assigning Structure
118(3)
Casting, &-Operations, and Dynamic Memory
121(2)
Inferring Fields Automatically
123(4)
Part II Ensuring Efficiency
Planar Polyhedra
127(20)
Operations on Inequalities
129(2)
Entailment between single Inequalities
130(1)
Operations on Sets of Inequalities
131(16)
Entailment Check
131(1)
Removing Redundancies
132(2)
Convex Hull
134(10)
Linear Programming and Planar Polyhedra
144(1)
Widening Planar Polyhedra
145(2)
The TVPI Abstract Domain
147(18)
Principles of the TVPI Domain
148(4)
Entailment Chect
150(1)
Convex Hull
150(1)
Projection
151(1)
Reduced Product between Bounds and Inequalities
152(11)
Redundancy Removal in the Reduced Product
155(1)
Incremental Closure
156(4)
Approximating General Inequalities
160(1)
Linear Programming in the TVPI Domain
160(1)
Widening of TVPI Polyhedra
161(2)
Related Work
163(2)
The Integral TVPI Domain
165(20)
The Merit of Z-Polyhedra
166(2)
Improving Precision
166(1)
Limiting the Growth of Coefficients
167(1)
Harvsey's Integral Hull Algorithm
168(9)
Calculating Cuts between two Inequalities
169(3)
Integer Hull in the Reduced Product Domain
172(5)
Planar Z-Polyhedra and Closure
177(5)
Possibel Implementations of a Z-TVPI Domain
177(2)
Tightening Bounds across Projections
179(1)
Discussions and Implementation
180(2)
Related Work
182(3)
Interfacing Analysis and Numeric Domain
185(12)
Separating Interval from Relational Information
185(2)
Inferring Relevant Fields and Addresses
187(5)
Typed Abstract Variables
189(1)
Populating the Field Map
190(2)
Applying Widening in Fixpoint Calculations
192(5)
Part III Improving Precision
Tracking String Lengths
197(20)
Manipulating Implicitly Terminated Strings
198(11)
Analysing the String Loop
199(4)
Calculating a Fixpoint of the Loop
203(6)
Prerequisites for String Buffer Analysis
209(1)
Incorporating String Buffer Analysis
209(4)
Extending the Abstraction Relation
212(1)
Related Work
213(4)
Widening with Landmarks
217(18)
An Introduction to Widening/Narrowing
217(3)
The Limitations of Narrowing
218(2)
Improving Widening and Removing Narrowing
220(1)
Revisiting the Analysis of String Buffers
220(6)
Applying the Widening/Narrowing Approach
222(1)
The Rationale behing Landmarks
222(3)
Creating Landmarks for Widening
225(1)
Using Landmarks in Widening
225(1)
Acquring Landmarks
226(1)
Using Landmarks at a Widening Point
227(2)
Extrapolation Operator for Polyhedra
229(2)
Related Work
231(4)
Combinging Points-to and Numeric Analoyses
235(24)
Boolean Flags in the Numeric Domain
237(4)
Boolean Flags and Unbounded Polyhedra
238(1)
Integrality of the Solution Space
239(1)
Applications of Boolean Flags
240(1)
Incorporating Boolean Flags into Points-to Sets
241(9)
Revising Access Trees and Access Functons
241(3)
The Semantics of Expressions and Assignments
244(2)
Conditionals and Points-to Flags
246(3)
Incorporating Boolean Flags into the Abstraction Relation
249(1)
Parctical Implementation
250(9)
Inferring Points-to Flags on Demand
251(1)
Populating the Address Map on Demand
251(2)
Index-Sensitive Memory Access Functions
253(2)
Related Work
255(4)
Implementation
259(18)
Technical Overview of the Analyser
260(2)
Managing Abstract Domains
262(2)
Calculating Fixpoints
264(7)
Scheduling of Code without Loops
265(2)
Scheduling in the Presence of Loops and Function Calls
267(1)
Deriving an Iteration Strategy from Topology
268(1)
Related Work
269(2)
Limitations of the String Buffer Analysis
271(5)
Weaknesses of Tracking First NUL Positions
271(1)
Handling Symbolic NUL Positions
272(4)
Proposed Future Refinements
276(1)
Conclusion and Outlook
277(4)
A Core C Example 281(4)
References 285(12)
Index 297