Mitigating program security vulnerabilities: Approaches and challenges

H Shahriar, M Zulkernine - ACM Computing Surveys (CSUR), 2012 - dl.acm.org
Programs are implemented in a variety of languages and contain serious vulnerabilities
which might be exploited to cause security breaches. These vulnerabilities have been …

An empirical study on the effectiveness of static C code analyzers for vulnerability detection

S Lipp, S Banescu, A Pretschner - Proceedings of the 31st ACM …, 2022 - dl.acm.org
Static code analysis is often used to scan source code for security vulnerabilities. Given the
wide range of existing solutions implementing different analysis techniques, it is very …

Modeling and discovering vulnerabilities with code property graphs

F Yamaguchi, N Golde, D Arp… - 2014 IEEE symposium on …, 2014 - ieeexplore.ieee.org
The vast majority of security breaches encountered today are a direct result of insecure
code. Consequently, the protection of computer systems critically depends on the rigorous …

Lava: Large-scale automated vulnerability addition

B Dolan-Gavitt, P Hulin, E Kirda, T Leek… - … IEEE symposium on …, 2016 - ieeexplore.ieee.org
Work on automating vulnerability discovery has long been hampered by a shortage of
ground-truth corpora with which to evaluate tools and techniques. This lack of ground truth …

Discovre: Efficient cross-architecture identification of bugs in binary code.

S Eschweiler, K Yakdan, E Gerhards-Padilla - NDSS, 2016 - ndss-symposium.org
The identification of security-critical vulnerabilities is a key for protecting computer systems.
Being able to perform this process at the binary level is very important given that many …

A Survey on Thwarting Memory Corruption in RISC-V

M Brohet, F Regazzoni - ACM Computing Surveys, 2023 - dl.acm.org
With embedded devices becoming more pervasive and entrenched in society, it is
paramount to keep these systems secure. A threat plaguing these systems consists of …

Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations

I Haller, A Slowinska, M Neugschwandtner… - 22nd USENIX Security …, 2013 - usenix.org
Dowser is a 'guided' fuzzer that combines taint tracking, program analysis and symbolic
execution to find buffer overflow and underflow vulnerabilities buried deep in a program's …

Leopard: Identifying vulnerable code for vulnerability assessment through program metrics

X Du, B Chen, Y Li, J Guo, Y Zhou… - 2019 IEEE/ACM 41st …, 2019 - ieeexplore.ieee.org
Identifying potentially vulnerable locations in a code base is critical as a pre-step for effective
vulnerability assessment; i.e., it can greatly help security experts put their time and effort to …

Evaluating static analysis defect warnings on production software

N Ayewah, W Pugh, JD Morgenthaler, J Penix… - Proceedings of the 7th …, 2007 - dl.acm.org
Static analysis tools for software defect detection are becoming widely used in practice.
However, there is little public information regarding the experimental evaluation of the …

Why can't Johnny fix vulnerabilities: A usability evaluation of static analysis tools for security

J Smith, LNQ Do, E Murphy-Hill - Sixteenth Symposium on Usable …, 2020 - usenix.org
Static analysis tools can help prevent security incidents, but to do so, they must enable
developers to resolve the defects they detect. Unfortunately, developers often struggle to …