Value-Range Analysis of C Programs

Towards Proving the Absence of Buffer Overflow Vulnerabilities

By: Axel Simon

Write A Review

Hardcover | 26 June 2008

At a Glance

Hardcover
324 Pages

Dimensions(cm)
23.5 x 15.88 x 1.91

Hardcover

$249.00

or 4 interest-free payments of $62.25 with

Ships in 5 to 7 business days

Abu?erover?owoccurswheninputiswrittenintoamemorybu?erthatisnot large enough to hold the input. Bu?er over?ows may allow a malicious person to gain control over a computer system in that a crafted input can trick the defectiveprogramintoexecutingcodethatisencodedintheinputitself.They are recognised as one of the most widespread forms of security vulnerability, and many workarounds, including new processor features, have been proposed to contain the threat. This book describes a static analysis that aims to prove the absence of bu?er over?ows in C programs. The analysis is conservative in the sense that it locates every possible over?ow. Furthermore, it is fully automatic in that it requires no user annotations in the input program. Thekeyideaoftheanalysisistoinferasymbolicstateforeachp- gram point that describes the possible variable valuations that can arise at that point. The program is correct if the inferred values for array indices and pointer o?sets lie within the bounds of the accessed bu?er. The symbolic state consists of a ?nite set of linear inequalities whose feasible points induce a convex polyhedron that represents an approximation to possible variable valuations. The book formally describes how program operations are mapped to operations on polyhedra and details how to limit the analysis to those p- tionsofstructuresandarraysthatarerelevantforveri?cation.Withrespectto operations on string bu?ers, we demonstrate how to analyse C strings whose length is determined by anul character within the string.

Industry Reviews

From the reviews:

"This book describes a static analysis that aims to prove the absence of buffer overflows in C programs. ... The book formally describes how program operations are mapped to operations on polyhedra. ... Many concepts presented here carry over to other languages such as Java or assembler. So it will be useful to any researcher and student with an interest in static analysis of real-world programming languages." (Stefan Meyer, Zentralblatt MATH, Vol. 1155, 2009)

Shipping

	Standard Shipping	Express Shipping
Metro postcodes:	$9.99	$14.95
Regional postcodes:	$9.99	$14.95
Rural postcodes:	$9.99	$14.95

Orders over $79.00 qualify for free shipping.

How to return your order

At Booktopia, we offer hassle-free returns in accordance with our returns policy. If you wish to return an item, please get in touch with Booktopia Customer Care.

Additional postage charges may be applicable.

Defective items

If there is a problem with any of the items received for your order then the Booktopia Customer Care team is ready to assist you.

For more info please visit our Help Centre.

You Can Find This Book In

Non-Fiction Computing & I.T.Computer Programming & Software Development Programming & Scripting Languages Computer Science Computer Architecture & Logic Design Software Engineering Algorithms & Data Structures

Other Editions and Formats

Paperback

Published: 15th May 2011

View Product

Preface	p. vii
Contributions	p. xvii
List of Figures	p. xix
Introduction	p. 1
Technical Background	p. 2
Value-Range Analysis	p. 4
Analysing C	p. 6
Soundness	p. 7
An Abstraction of C	p. 7
Combining Value and Content Abstraction	p. 8
Combining Pointer and Value-Range Analysis	p. 9
Efficiency	p. 11
Completeness	p. 15
Analysing String Buffers	p. 16
Widening with Landmarks	p. 16
Refining Points-to Analysis	p. 17
Further Refinements	p. 17
Related Tools	p. 18
The Astree Analyser	p. 18
SLAM and ESPX	p. 19
CCured	p. 20
Other Approaches	p. 20
A Semantics for C	p. 23
Core C	p. 23
Preliminaries	p. 28
The Environment	p. 28
Concrete Semantics	p. 32
Collecting Semantics	p. 37
Related Work	p. 42
Abstracting Soundly
Abstract State Space	p. 47
An Introductory Example	p. 48
Points-to Analysis	p. 51
The Points-to Abstract Domain	p. 54
Related Work	p. 55
Numeric Domains	p. 56
The Domain of Convex Polyhedra	p. 56
Operations on Polyhedra	p. 59
Multiplicity Domain	p. 62
Combining the Polyhedral and Multiplicyt Domains	p. 65
Related Work	p. 68
Taming Casting and Wrapping	p. 71
Modelling the Wrapping of Integers	p. 72
A Language Featuring Finite Integer Arithmetic	p. 74
The Syntax of Sub C	p. 74
The Semantics of Sub C	p. 75
Polyhedral Analysis of Finite Integers	p. 76
Implicit Wrapping of Polyhedral Variables	p. 77
Explicit Wrapping of Polyhedral Variables	p. 78
Wrapping Variables with a Finite Range	p. 78
Wrapping Variables with Infinite Ranges	p. 80
Wrapping Several Variables	p. 80
An Algorithm for Explicit Wrapping	p. 82
An Abstract Semantics for Sub C	p. 83
Discussion	p. 86
Related Work	p. 87
Overlapping Memory Accesses and Pointers	p. 89
Memory as a Set of Fields	p. 89
Memory Layout for Core C	p. 90
Access Trees	p. 93
Related Work	p. 99
Mixing Values and Pointers	p. 100
Abstraction Relation	p. 106
On Choosing an Abstraction Framework	p. 108
Abstract Semantics	p. 111
Expressions and Simple Assignments	p. 116
Assigning Structures	p. 118
Casting, &-Operations, and Dynamic Memory	p. 121
Inferring Fields Automatically	p. 123
Ensuring Efficiency
Planar Polyhedra	p. 127
Operations on Inequalities	p. 129
Entailment between Single Inequalities	p. 130
Operations on Sets of Inequalities	p. 131
Entailment Check	p. 131
Removing Redundancies	p. 132
Convex Hull	p. 134
Linear Programming and Planar Polyhedra	p. 144
Widening Planar Polyhedra	p. 145
The TVPI Abstract Domain	p. 147
Principles of the TVPI Domain	p. 148
Entailment Check	p. 150
Convex Hull	p. 150
Projection	p. 151
Reduced Product between Bounds and Inequalities	p. 152
Redundancy Removal in the Reduced Product	p. 155
Incremental Closure	p. 156
Approximating General Inequalities	p. 160
Linear Programming in the TVPI Domain	p. 160
Widening of TVPI Polyhedra	p. 161
Related Work	p. 163
The Integral TVPI Domain	p. 165
The Merit of [characters not reproducible]-Polyhedra	p. 166
Improving Precision	p. 166
Limiting the Growth of Coefficients	p. 167
Harvey's Integral Hull Algorithm	p. 168
Calculating Cuts between Two Inequalities	p. 169
Integer Hull in the Reduced Product Domain	p. 172
Planar [characters not reproducible]-Polyhedra and Closure	p. 177
Possible Implementations of a [characters not reproducible]-TVPI Domain	p. 177
Tightening Bounds across Projections	p. 179
Discussion and Implementation	p. 180
Related Work	p. 182
Interfacing Analysis and Numeric Domain	p. 185
Separating Interval from Relational Information	p. 185
Inferring Relevant Fields and Addresses	p. 187
Typed Abstract Variables	p. 189
Populating the Field Map	p. 190
Applying Widening in Fixpoint Calculations	p. 192
Improving Precision
Tracking String Lengths	p. 197
Manipulating Implicitly Terminated Strings	p. 198
Analysing the String Loop	p. 199
Calculating a Fixpoint of the Loop	p. 203
Prerequisites for String Buffer Analysis	p. 209
Incorporating String Buffer Analysis	p. 209
Extending the Abstraction Relation	p. 212
Related Work	p. 213
Widening with Landmarks	p. 217
An Introduction to Widening/Narrowing	p. 217
The Limitations of Narrowing	p. 218
Improving Widening and Removing Narrowing	p. 220
Revisiting the Analysis of String Buffers	p. 220
Applying the Widening/Narrowing Approach	p. 222
The Rationale behind Landmarks	p. 222
Creating Landmarks for Widening	p. 225
Using Landmarks in Widening	p. 225
Acquiring Landmarks	p. 226
Using Landmarks at a Widening Point	p. 227
Extrapolation Operator for Polyhedra	p. 229
Related Work	p. 231
Combining Points-to and Numeric Analyses	p. 235
Boolean Flags in the Numeric Domain	p. 237
Boolean Flags and Unbounded Polyhedra	p. 238
Integrality of the Solution Space	p. 239
Applications of Boolean Flags	p. 240
Incorporating Boolean Flags into Points-to Sets	p. 241
Revising Access Trees and Access Functions	p. 241
The Semantics of Expressions and Assignments	p. 244
Conditionals and Points-to Flags	p. 246
Incorporating Boolean Flags into the Abstraction Relation	p. 249
Practical Implementation	p. 250
Inferring Points-to Flags on Demand	p. 251
Populating the Address Map on Demand	p. 251
Index-Sensitive Memory Access Functions	p. 253
Related Work	p. 255
Implementation	p. 259
Technical Overview of the Analyser	p. 260
Managing Abstract Domains	p. 262
Calculating Fixpoints	p. 264
Scheduling of Code without Loops	p. 265
Scheduling in the Presence of Loops and Function Calls	p. 267
Deriving an Iteration Strategy from Topology	p. 268
Related Work	p. 269
Limitations of the String Buffer Analysis	p. 271
Weaknesses of Tracking First NUL Positions	p. 271
Handling Symbolic NUL Positions	p. 272
Proposed Future Refinements	p. 276
Conclusion and Outlook	p. 277
A Core C Example	p. 281
References	p. 285
Index	p. 297
Table of Contents provided by Ingram. All Rights Reserved.

Value-Range Analysis of C Programs

Towards Proving the Absence of Buffer Overflow Vulnerabilities

At a Glance

Hardcover

Industry Reviews

Shipping

How to return your order

Defective items

You Can Find This Book In

Other Editions and Formats

Paperback

More in Computer Architecture & Logic Design

Computer Architecture

A Quantitative Approach

Site Reliability Engineering

How Google Runs Production Systems

Parallel Computing

Design and Analysis of Algorithms

Computer Architecture

A Modern Approach

Basic Computer Architecture

Fundamentals of Software Architecture

A Modern Engineering Approach

Making Embedded Systems

2nd Edition - Design Patterns for Great Software

Clean Architecture

A Craftsman's Guide to Software Structure and Design

Rust Atomics and Locks

Low-Level Concurrency in Practice

Architecture Patterns with Python

Enabling Test-Driven Development, Domain-Driven Design, and Event-Driven Microservices

The Software Architect Elevator

Redefining the Architect's Role in the Digital Enterprise

Developing Graphics Frameworks with Java and OpenGL

Learning Systems Thinking

Essential Non-Linear Skills and Practices for Software Professionals

Platform Engineering

A Guide for Technical, Product, and People Leaders

Learning Microsoft Power Automate

Improving Productivity for Business Processes and Workflows

Domain-Driven Transformation

Modernize Legacy Systems and Mitigate Risk

Technology Strategy Patterns

Analyzing and Communicating Architectural Decisions

Simply AI

Facts Made Fast

Fundamentals of DevOps and Software Delivery

A Hands-On Guide to Deploying and Managing Software in Production

Kubernetes - Up and Running

Dive into the Future of Infrastructure

Building Event-Driven Microservices

Leveraging Organizational Data at Scale

Digital Design and Computer Architecture

ARM Edition

Building Microservices

Designing Fine-Grained Systems 2nd Edition

Digital Design and Computer Architecture

2nd Edition

This product is categorised by