Browse > Article

An Expression Violating the Member Accessibility in C++  

Joo, Seong-Yong (동아대학교 컴퓨터공학과)
Jo, Jang-Wu (동아대학교 컴퓨터공학과)
Publication Information
Journal of KIISE:Software and Applications / v.37, no.3, 2010 , pp. 233-237 More about this Journal
Abstract
This paper addresses a problem of violating the member accessibility of a class in C++, which is not detected as an error by existing C++ compilers. The member access specifiers can be used to specify member accessibility. The C++ uses a private or protected specifier for specifying the members which cannot be accessed from outside of an object. However, the private or protected members can be accessed from outside of that object by the pointer arithmetic in C++. We show some violating examples that cannot be detected by existing C++ compilers. The contribution of this paper is to discover and define the new problem of the member accessibility.
Keywords
Member accessibility; Static analysis; Software vulnerability; Software security; Points-to analysis;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Jeffrey S. Foster, Robert Johnsson, John Kodumal, and Alex Aiken, Flow-Insensitive Type Qualifiers, ACM Transactions on Programming Languages and Systems (TOPLAS), vol.28, no.6, 1035-1087, November 2006.   DOI   ScienceOn
2 David Wagner, Jeffrey S. Foster, Eric A. Brewer, and Alexander Aiken, A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities, Networking and Distributed System Security Symposium (NDSS), San Diego, California, February 2000.
3 B. Steensgaard. Points-to analysis in alomost linear time, In Proceedings of the 23rd Annual ACM Symposium on Principles of Programming Languages, pp.32-41, 1996.
4 M. Berndl, O. Lhotak, F. Qian, L. Hendren and N. Umanee, Points-to Analysis using BDDs, PLDI 2003, June 2003.
5 Working Draft, Standard for Programming Language C++, http://www.openstd.org/jtc1/sc22/ wg21/, p.233.
6 A. I. SOTIROV, Automatic vulnerability detection using static source code analysis; Final thesis Department of Computer Science in the Graduate School of University of Alabama, April 2007.
7 Jeffrey S. Foster, M.Fahndrich, and A.Aiken, Flow-Insensitive Points-to Analysis with Term and Set Constraints, Technical Report UCB CSD- 97-964, U. of California, Berkeley, August 1997.