Summary: A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities 
David Wagner Jeffrey S. Foster Eric A. Brewer Alexander Aiken
University of California, Berkeley
Abstract
We describe a new technique for finding potential buffer
overrun vulnerabilities in security­critical C code. The key
to success is to use static analysis: we formulate detec­
tion of buffer overruns as an integer range analysis prob­
lem. One major advantage of static analysis is that secu­
rity bugs can be eliminated before code is deployed. We
have implemented our design and used our prototype to find
new remotely­exploitable vulnerabilities in a large, widely
deployed software package. An earlier hand audit missed
these bugs.
1. Introduction
Buffer overrun vulnerabilities have plagued security ar­
chitects for at least a decade. In November 1988, the in­
famous Internet worm infected thousands or tens of thou­
sands of network­connected hosts and fragmented much of
the known net [17]. One of the primary replication mecha­

Source: Aiken, Alex - Department of Computer Science, Stanford University
Wagner, David - Department of Electrical Engineering and Computer Sciences, University of California at Berkeley

Collections: Computer Technologies and Information Sciences