A Comparison of Publicly Available Tools for Static Intrusion Prevention
2002 (English)
In: Nordic Workshop on Secure IT Systems (NordSec 2002), Karlstad, Sweden: Karlstad University Studies, 2002, 68- p.
Conference paper (Refereed)
The size and complexity of today's software systems are growing, increasing the number of bugs and thus the likelihood of security vulnerabilities. Two common attacks against such vulnerabilities are buffer overflow and format string attacks. In this paper we implement a testbed of 44 function calls in C to empirically compare five publicly available static analysis tools that aim to stop these attacks. The results show very high rates of false positives for the tools based on lexical analysis and very low rates of true positives for the tools based on syntactic and semantic analysis.
Place, publisher, year, edition, pages
Karlstad, Sweden: Karlstad University Studies, 2002. 68- p.
Keywords
Security intrusions, intrusion prevention, static analysis, security testing, buffer overflow, format string attack
Identifiers
URN: urn:nbn:se:liu:diva-29494
Local ID: 14849
OAI: oai:DiVA.org:liu-29494
DiVA: diva2:250309
Conference
7th Nordic Workshop on Secure IT Systems, "Towards Secure and Privacy-Enhanced Systems", 7-8 November 2002, Karlstad University, Sweden