Splint - Secure Programming Lint
Download - Documentation - Manual - Links Sponsors - Credits

Splint Talks

Statically Detecting Likely Buffer Overflow Vulnerabilities [PPT] [PDF]
David Larochelle. Conference presentation at USENIX Security '01, August 16, 2001.
Buffer overflow attacks may be today's single most important security threat. This paper presents a new approach to mitigating buffer overflow vulnerabilities by detecting likely vulnerabilities through an analysis of the program source code. Our approach exploits information provided in semantic comments and uses lightweight and efficient static analyses. This paper describes an implementation of our approach that extends the LCLint annotation-assisted static checking tool. Our tool is as fast as a compiler and nearly as easy to use. We present experience using our approach to detect buffer overflow vulnerabilities in two security-sensitive programs.
Extensible Lightweight Static Checking [PPT] [PDF]
David Evans. Short talk at University of Washington and Microsoft Research Summer Institute on Specifying and Checking Properties of Software, 14 August 2001.
Many properties can be expressed as constraints on abstract state associated with program objects. LCLint (http://lclint.cs.virginia.edu) is an extensible lightweight static checking tool that provides a language for specifying state associated with program objects and introducing annotations that express assumptions and constraints about that state at interface points. This presentation will look at how constraints can be defined for checking use properties of the ANSI C Stream I/O library functions, and report on results from using those constraints to check programs.
CSCP: The Bugs and the Bees: Research in Swarm Programming and Security [PPT]
David Evans. Short presentation for Computer Science Corporate Partners, 9 November 2001.
CS696: The Bugs and the Bees [PPT] [PDF]
David Evans. Research overview talk for graduate orientation seminar, 17 September 2001.
CS390: A Smorgasbord of Security, a Smattering of Swarm Programming, and Sampling of Static Checking and a Splash of Web Sites
David Evans. Senior Seminar (CS 390) talk describing Fourth-Year Thesis Projects I am supervising, 21 March 2001.
Why You Should Be Paranoid About What Comes Into and Out Of Your Computer [PPT]
David Evans. Engineering Week talk, 21 February 2001. (Not really about Splint, but the pictures make up for it...)
Annotation-Assisted Lightweight Static Checking [PPT]
Talk at The First International Workshop on Automated Program Analysis, Testing and Verification (ICSE 2000). June 2000. (Position Paper)
Let's Stop Beating Dead Horses and Start Beating Trojan Horses [PPT]
Slides from my short presentation in a debate on Proof-Carrying Code with Peter Lee at the Infosec Research Council, Malicious Code Study Group. San Antonio, 13 January 2000.
Systems for Safety and Dependability [PPT]
Invited talk at Reliable Software Technologies. Summarizes Naccio and LCLint. Sterling, VA, 14 December 1999.
Splint - Secure Programming Lint evans@virginia.edu
Download - Documentation - Manual - Links
Source - Linux - Publications - Talks
Reporting Bugs    Sponsors - Credits