Statically Detecting Likely Buffer Overflow Vulnerablitites

10 December 2001

David Larochelle

Automated Tools

•Run-time solutions

–StackGuard[USENIX 7], gcc bounds-checking, libsafe[USENIX 2000]

–Performance penalty

–Turns buffer overflow into a DoS attack

•Compile-time solutions - static analysis

–No run-time performance penalty

–Checks properties of all possible executions

–