[1] P. Cousot, R. Cousot, 'Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints', POPL'77
[2] http://www.polyspace.com/
[3] S. Hallem, B. Chelf, Y. Xie, D. Engler, 'A System and Language for Building System-Specific, Static Analyses', PLDI'02
[4] B. Steensgaard, 'Points-to Analysis in Almost Linear Time', PLDI'96
[5] M. Zitser, R. Lippmann, T. Leek, 'Testing Static Analysis Tools using Exploitable Buffer Overflows from Open Source Code', SIGSOFT'04/FSE-12
[6] http://manju.cs.berkeley.edu/cil/
[7] D. Wagner, J. Foster, E. Brewer, A. Aiken, 'A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities', NDSS'00
[8] http://ropas.snu.ac.kr/2005/airac5/
[9] J. Pincus, B. Baker, 'Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns', IEEE Security & Privacy, 2(4), pp. 20-27, Jul/Aug 2004
[10] M. Kaempf, 'Vudo - An object superstitiously believed to embody magical powers', Phrack 57, 2001
[11] Y. Jung, J. Kim, J. Shin, K. Yi, 'Taming False Alarms from a Domain-Unaware C Analyzer by a Bayesian Statistical Post Analysis', SAS'05
[12] Y. Xie, A. Chou, D. Engler, 'ARCHER: Using Symbolic, Path-sensitive Analysis to Detect Memory Access Errors', ESEC/FSE'03
[13] Aleph One, 'Smashing the Stack for Fun and Profit', Phrack 49, 1996
[14] http://www.coverity.com/
[15] P. Cousot, R. Cousot, 'Automatic Discovery of Linear Restraints Among Variables of a Program', POPL'78
[16] R. Seacord, Secure Coding in C and C++, Addison Wesley, 2006
[17] A. Miné, 'Weakly Relational Abstract Domains: Theory and Applications', NSAD'05
[18] D. Larochelle, D. Evans, 'Statically Detecting Likely Buffer Overflow Vulnerabilities', USENIX Security 2001