<html>
<head>
<link rel="stylesheet" type="text/css" href="/splint.css" title="style1">
<title>Splint Publications</title>
</head>
<body>
<table border="0" rules="none" bgcolor="#FFFFFF" width="95%" align=center cellpadding=0 cellspacing=0>
<tr>
<td colspan=2 bgcolor="#FFFFFF"></td>
</tr>
<tr>
<td colspan=2 bgcolor="#FFFFFF"></td>
</tr>
<tr>
<td colspan=2 bgcolor="#FFFFFF"></td>
</tr>
<tr>
<td colspan=2 bgcolor="#FFFFFF"></td>
</tr>
<tr>
<td colspan=2 bgcolor="#FFFFFF"></td>
</tr>
<tr>
<td colspan=2 bgcolor="#FFFFFF"></td>
</tr>
<tr>
<td>
<font color="darkblue" face="arial,helvetica"><a href="//www.splint.org/"><b>Splint</b> - Secure Programming Lint</a><br></font>
</td>
<td align=right>
<font face="arial,helvetica,sans-serif"><font color="darkblue">
<font size=-1>
<a href="mailto:info@splint.org">info@splint.org</a></font>
</font></font>
</td>
</tr>
<tr>
<td colspan=2 bgcolor="darkblue"></td>
</tr>
<tr>
<td colspan=2 bgcolor="darkblue"></td>
</tr>
<tr>
<td colspan=2 bgcolor="white"></td>
</tr>
<tr>
<td colspan=2 bgcolor="slate"></td>
</tr>
<tr>
<td>
<font face="arial,helvetica,sans-serif" size=-1>
<a
href="//www.splint.org/download.html">Download</a>
-
<A
HREF="//www.splint.org/documentation/">Documentation</a>
-
<a href="//www.splint.org/manual/">Manual</a>
-
<a
href="//www.splint.org/links.html">Links</a>
</font>
</td>
<td align=right>
<font face="arial,helvetica,sans-serif" size=-1>
<a
href="//www.splint.org/bugs.html">Reporting
Bugs</a> -
<a
href="//www.splint.org/lists.html">Mailing
Lists</a>
<a
href="//www.splint.org/sponsors.html">Sponsors</a>
-
<a
href="//www.splint.org/credits.html">Credits</a>
</font>
</td>
</tr>
</table>
<p>
<blockquote>
<center><h2>
Splint Publications
</h2></center>
<h3>Refereed Papers</h3>
<a href="//www.cs.virginia.edu/evans/pubs/ieeesoftware-abstract.html">
<em>Improving Security Using Extensible Lightweight Static
Analysis</em></a>
<blockquote>
David Evans and David Larochelle. In <a href="//www.computer.org/software/">IEEE Software</a>, Jan/Feb
2002. (<a
href="//www.cs.virginia.edu/evans/pubs/ieeesoftware-revised.pdf">PDF</a>,
12 pages)
<p>
Most security attacks exploit instances of well-known classes of
implementation flaws. This article describes how Splint can be used to
detect common security vulnerabilities (including buffer overflows and
format string vulnerabilities).
</blockquote>
<a href="//www.cs.virginia.edu/~evans/usenix01-abstract.html"><em>Statically Detecting Likely Buffer Overflow Vulnerabilities</em></a>
<blockquote>
David Larochelle and David Evans. In
<a
href="//www.usenix.org/events/sec01/"><em>
2001 USENIX Security Symposium</em></a>, Washington, D. C., August
13-17, 2001. (<a
href="//lclint.cs.virginia.edu/usenix01.pdf">PDF</a>, <a
href="//lclint.cs.virginia.edu/usenix01.html">HTML</a>, 13 pages)
(<a href="//www.cs.virginia.edu/evans/talks/usenix.ppt">
Talk slides</a> [<a
href="//www.cs.virginia.edu/evans/talks/usenix.ppt">PPT</a>]
[<a
href="//www.cs.virginia.edu/evans/talks/usenix.pdf">PDF</a>])
<p>
Buffer overflow attacks may be today's single most important security
threat. This paper presents a new approach to mitigating buffer
overflow vulnerabilities by detecting likely vulnerabilities through
an analysis of the program source code. Our approach exploits
information provided in semantic comments and uses lightweight and
efficient static analyses. This paper describes an implementation of
our approach that extends the LCLint annotation-assisted static
checking tool. Our tool is as fast as a compiler and nearly as easy to
use. We present experience using our approach to detect buffer
overflow vulnerabilities in two security-sensitive programs.
</blockquote>
<p>
<a href="//www.cs.virginia.edu/~evans/icse-position.html">
Annotation-Assisted Lightweight Static Checking</a>
<blockquote>
David Evans. <a href="//ase.arc.nasa.gov/icse2000/">The First International Workshop on Automated Program Analysis, Testing and Verification</a> (ICSE 2000). Feb 25, 2000.
<p>
A short position paper describing the research agenda behind LCLint.
</blockquote>
<p>
<A HREF="//www.cs.virginia.edu/~evans/pldi96-abstract.html">Static Detection of Dynamic Memory
Errors</A>
<blockquote> David Evans. In <A
HREF="//www.cs.wisc.edu/~fischer/pldi96/index.html"> SIGPLAN
Conference on Programming Language Design and Implementation</A> (PLDI
'96), Philadelphia, PA, May 1996. (<a href="//www.cs.virginia.edu/~evans/pldi96.pdf">PDF</a>, <a href="//www.cs.virginia.edu/~evans/pldi96.ps.gz">gzipped
postscript</a>; 10 pages)
<p>
Describes an approach for exploiting annotations added to code to detect
a wide class of errors, focusing on memory management concerns.
</blockquote>
<P>
<A HREF="//www.cs.virginia.edu/~evans/sigsoft94.html">LCLint: A Tool for Using Specifications to
Check Code</A>
<blockquote> David Evans, John Guttag, Jim Horning and Yang Meng Tan,
SIGSOFT Symposium on the Foundations of Software Engineering, December
1994. (<a href="//www.cs.virginia.edu/~evans/fse94.pdf">PDF</a>, <a href="//www.cs.virginia.edu/~evans/fse94.ps.gz">gzipped postscript</a>; 10 pages)
<p>
An introduction to LCLint from a software engineering perspective.
Shows how LCLint can be used to improve a small <a href="samples/db/">sample program</a>.
</blockquote>
<h3>Theses</h3>
<p>
<a href="//www.cs.virginia.edu/~evans/theses/index.html#barker">Static Error Checking of C Applications Ported from
UNIX to WIN32 Systems Using LCLint</a>, March 2001. [<a href="//www.cs.virginia.edu/~evans/theses/barker.pdf">PDF</a>, <a href="//www.cs.virginia.edu/~evans/theses/barker.doc">Word</a>]
<blockquote>
Christopher Barker, UVA Bachelor of Science in Computer Engineering, March 2001.
<p>
Describes the process and experience of using LCLint meta-annotations to
define and use annotations designed to assist the process of porting
applications. (Some of the LCLint features described in this report
are not yet available in the public release. Contact <a
href="mailto:lclint@cs.virginia.edu"><em>lclint@cs.virginia.edu</em></a>
if you are interested in using a pre-release version.)
</blockquote>
<A HREF="//www.cs.virginia.edu/~evans/tr-628.html">Using Specifications to Check Source Code</A>
<blockquote>David Evans, MIT/LCS/TR-628, June 1994, SM Thesis.
<p>
MIT Master's Thesis on LCLint. Detailed description of the motivation
and use of LCLint (but somewhat out of date).
</blockquote>
<p>
Undergraduate theses related to Splint:
<ul>
<li><a href="mailto:dkf5k@virginia.edu">David Friedman</a> -
investigating effectiveness of static analysis in security
<li><a href="mailto:lanouette@virginia.edu">Michael Lanouette</a> -
<em>Static Checking of Coding Standards</em>
<li><a href="mailto:hlp4z@virginia.edu">Hien Phan</a> - <em>Developing a
Web Interface for the LCLint Static Checker</em>
</ul>
<h3>Manual</h3>
<a href="//www.splint.org/manual/">Splint Manual</a>
<blockquote>
Secure Programming Group, 2002. (<a href="//www.splint.org/manual/manual.html">HTML</a>, <a href="//www.splint.org/manual/manual.pdf">PDF</a>, <a href="manual/manual.ps">postscript</a>)
<p>
A comprehensive guide to using Splint.
</blockquote>
<a href="//www.splint.org/guide/">LCLint User's Guide</a>
<blockquote>
David Evans, 1996-2000. (<a href="//www.splint.org/guide/guide.html">HTML</a>, <a
href="//www.splint.org/guide/guide.pdf">PDF</a>, <a href="//www.splint.org/guide/guide.ps">postscript</a>)
<p>
A comprehensive guide to using LCLint (superseded by the Splint Manual).
</blockquote>
</blockquote>
<table border="0" rules="none" bgcolor="#FFFFFF" width="95%" align=center cellpadding=0 cellspacing=0>
<tr valign=top>
<td colspan=2 bgcolor="darkblue"></td>
<tr valign=top>
<td colspan=2 bgcolor="darkblue"></td>
<tr valign=top>
<td colspan=2 bgcolor="white"></td>
</tr>
<tr valign=top>
<td width=135 >
<a href="//www.splint.org"><img src="//www.splint.org/glowingwall-narrows.jpg"
width=132 height=65 border=0 alt=""></a>
</td>
<td>
<table cellpadding=0 cellspacing=0 width="100%">
<tr>
<td colspan=2 bgcolor="slate"></td>
</tr>
<tr>
<td>
<font color="darkblue" face="arial,helvetica"><a href="//www.splint.org/"><b>Splint</b> - Secure Programming Lint</a></font>
</td>
<td align=right>
<font face="arial,helvetica,sans-serif"><font color="darkblue">
<font size=-1>
<a href="mailto:info@splint.org">info@splint.org</a></font>
</font></font>
</td>
</tr>
<tr>
<td>
<font face="arial,helvetica,sans-serif" size=-1>
<a
href="//www.splint.org/download.html">Download</a>
-
<A
HREF="//www.splint.org/documentation/">Documentation</a>
-
<a href="//www.splint.org/manual/">Manual</a>
-
<a
href="//www.splint.org/links.html">Links</a><br>
<a
href="//www.splint.org/source.html">Source</a>
-
<A
HREF="//www.splint.org/linux.html">Linux</a>
-
<a href="//www.splint.org/pubs.html">Publications</a>
-
<a
href="//www.splint.org/talks.html">Talks</a><br>
</font>
</td>
<td align=right valign=top>
<font face="arial,helvetica,sans-serif" size=-1>
<a
href="//www.splint.org/bugs.html">Reporting
Bugs</a>
<a
href="//www.splint.org/sponsors.html">Sponsors</a>
-
<a
href="//www.splint.org/credits.html">Credits</a>
</font>
</td>
</tr>
</table>
</td>
</tr>
</table>
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-3775212-3");
pageTracker._initData();
pageTracker._trackPageview();
</script>
</body>
</html>