Filters








3,077 Hits in 3.4 sec

DoubleTake: Fast and Precise Error Detection via Evidence-Based Dynamic Analysis [article]

Tongping Liu, Charlie Curtsinger, Emery D. Berger
2016 arXiv   pre-print
We demonstrate DoubleTake's generality and efficiency by building dynamic analyses that find buffer overflows, memory use-after-free errors, and memory leaks.  ...  We present DoubleTake, a prototype evidence-based dynamic analysis framework. DoubleTake is practical and easy to deploy, requiring neither custom hardware, compiler, nor operating system support.  ...  Charlie Curtsinger was supported by a Google PhD Research Fellowship.  ... 
arXiv:1601.07962v1 fatcat:ljbiukfwffbgraj5px43tfj4rq

Buffer Overflow Detection via Static Analysis: Expectations vs. Reality
Статический анализ для поиска переполнения буфера: актуальные направления развитияалгоритмов

I.A. Dudina
2018 Proceedings of the Institute for System Programming of RAS  
Our goal is to use this knowledge to enhance our own buffer overrun detector.  ...  Over the last few decades buffer overflow remains one of the main sources of program errors and vulnerabilities.  ...  ), "dynamic buffer underrun" (39 cases) from the "dynamic memory" type.  ... 
doi:10.15514/ispras-2018-30(3)-2 fatcat:nk3gcaxlfvcwfebnq6woqjsrpq

Decoupled lifeguards

Olatunji Ruwase, Shimin Chen, Phillip B. Gibbons, Todd C. Mowry
2010 SIGPLAN notices  
A Practical Dynamic Buffer Overflow Detector. In Proceedings of the 11th Annual Network and Distributed System Security Symposium, 2004.  ...  Developed CRED, a dynamic buffer overflow detector for C programs. Publicly available as a GCC extension. Presented at NDSS 2004. Computer Architecture, 2008. MOBICOM 2008 F. Dogar, A.  ... 
doi:10.1145/1809028.1806600 fatcat:sv2frxhrdzfdxpenteni222rsu

Decoupled lifeguards

Olatunji Ruwase, Shimin Chen, Phillip B. Gibbons, Todd C. Mowry
2010 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation - PLDI '10  
A Practical Dynamic Buffer Overflow Detector. In Proceedings of the 11th Annual Network and Distributed System Security Symposium, 2004.  ...  Developed CRED, a dynamic buffer overflow detector for C programs. Publicly available as a GCC extension. Presented at NDSS 2004. Computer Architecture, 2008. MOBICOM 2008 F. Dogar, A.  ... 
doi:10.1145/1806596.1806600 dblp:conf/pldi/RuwaseCGM10 fatcat:aafqkimlvbbq7hkyo5xe7omsyq

Cruiser

Qiang Zeng, Dinghao Wu, Peng Liu
2011 SIGPLAN notices  
We present a concurrent heap buffer overflow detector, CRUISER, in which a concurrent thread is added to the user program to monitor heap integrity, and custom lock-free data structures and algorithms  ...  As a case study, software cruising is applied to the heap buffer overflow problem.  ...  In this paper, we present Cruiser-a novel dynamic heap buffer overflow detector which does not have those limitations.  ... 
doi:10.1145/1993316.1993541 fatcat:prz4c6hjbjbdrd6mk3bonb2aam

Cruiser

Qiang Zeng, Dinghao Wu, Peng Liu
2011 Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation - PLDI '11  
We present a concurrent heap buffer overflow detector, CRUISER, in which a concurrent thread is added to the user program to monitor heap integrity, and custom lock-free data structures and algorithms  ...  As a case study, software cruising is applied to the heap buffer overflow problem.  ...  In this paper, we present Cruiser-a novel dynamic heap buffer overflow detector which does not have those limitations.  ... 
doi:10.1145/1993498.1993541 dblp:conf/pldi/ZengWL11 fatcat:juqbijtbwfg23l64ueduhmfzcm

Cruiser

Qiang Zeng, Dinghao Wu, Peng Liu
2012 SIGPLAN notices  
We present a concurrent heap buffer overflow detector, CRUISER, in which a concurrent thread is added to the user program to monitor heap integrity, and custom lock-free data structures and algorithms  ...  As a case study, software cruising is applied to the heap buffer overflow problem.  ...  In this paper, we present Cruiser-a novel dynamic heap buffer overflow detector which does not have those limitations.  ... 
doi:10.1145/2345156.1993541 fatcat:z2yp63w4dbbunems6ttc6mgike

Marple

Wei Le, Mary Lou Soffa
2008 Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering - SIGSOFT '08/FSE-16  
We first develop a vulnerability model for buffer overflow and then use the model in the development of the demand-driven path-sensitive analyzer.  ...  In this paper, we develop a static analyzer for detecting and helping diagnose buffer overflows with the key idea of categorizing program paths as they relate to vulnerability.  ...  Bugbench uses a set of dynamic error detectors such as Purify and CCured to detect overflow [16] .  ... 
doi:10.1145/1453101.1453137 dblp:conf/sigsoft/LeS08 fatcat:un2qhpog6rgafmopn5dg3isbj4

Pinpointing Vulnerabilities

Yue Chen, Mustakimur Khandaker, Zhi Wang
2017 Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security - ASIA CCS '17  
Ravel consists of an online attack detector and an offline vulnerability locator linked by a record & replay mechanism.  ...  However, developers still need to locate and fix these vulnerabilities, a mostly manual and time-consuming process. They face a number of challenges.  ...  Buffer overflows: a buffer overflow, or a buffer overrun, happens when a program writes more data into a buffer than it can hold, overwriting the adjacent data.  ... 
doi:10.1145/3052973.3053033 dblp:conf/ccs/ChenKW17 fatcat:u6v47cm4znbbvckzxetz4p5utu

Behave or be watched

Akshay Kumar, Peter Goodman, Ashvin Goel, Angela Demke Brown
2013 Proceedings of the 9th Workshop on Hot Topics in Dependable Systems - HotDep '13  
Dynamic binary translation (DBT) systems provide a powerful facility for building program analysis and debugging tools.  ...  We describe four applications developed using our watchpoint framework: detecting buffer overflows, detecting read-before-write and memory freeing bugs, detecting memory leaks and enforcing fine-grained  ...  Stack-based overflow detection. To detect stack overflows, we view the memory occupied by the activation frame of an invoked function as a dynamically-sized buffer.  ... 
doi:10.1145/2524224.2524234 dblp:conf/hotdep/KumarGGB13 fatcat:rrt6rn5m75e3xe4sorbjrrugba

ConMem

Wei Zhang, Chong Sun, Shan Lu
2010 SIGARCH Computer Architecture News  
ConMem detects more tested bugs (8 out of 9 bugs) than a lock-set-based race detector and an unserializable-interleaving detector that detect 4 and 5 bugs respectively, with a false positive rate about  ...  We call this pattern concurrency-memory bugs: buggy interleavings directly cause memory bugs (NULL-pointerdereference, dangling-pointer, buffer-overflow, uninitialized-read) on shared memory objects.  ...  This research is partially supported by a Claire Boothe Luce faculty fellowship.  ... 
doi:10.1145/1735970.1736041 fatcat:eznfy4fgxnhtpetvovan6z4bhu

ConMem

Wei Zhang, Chong Sun, Shan Lu
2010 Proceedings of the fifteenth edition of ASPLOS on Architectural support for programming languages and operating systems - ASPLOS '10  
ConMem detects more tested bugs (8 out of 9 bugs) than a lock-set-based race detector and an unserializable-interleaving detector that detect 4 and 5 bugs respectively, with a false positive rate about  ...  We call this pattern concurrency-memory bugs: buggy interleavings directly cause memory bugs (NULL-pointerdereference, dangling-pointer, buffer-overflow, uninitialized-read) on shared memory objects.  ...  This research is partially supported by a Claire Boothe Luce faculty fellowship.  ... 
doi:10.1145/1736020.1736041 dblp:conf/asplos/ZhangSL10 fatcat:3msfnlwgavg2faxhyka2jvnv3i

ConMem

Wei Zhang, Chong Sun, Shan Lu
2010 SIGPLAN notices  
ConMem detects more tested bugs (8 out of 9 bugs) than a lock-set-based race detector and an unserializable-interleaving detector that detect 4 and 5 bugs respectively, with a false positive rate about  ...  We call this pattern concurrency-memory bugs: buggy interleavings directly cause memory bugs (NULL-pointerdereference, dangling-pointer, buffer-overflow, uninitialized-read) on shared memory objects.  ...  This research is partially supported by a Claire Boothe Luce faculty fellowship.  ... 
doi:10.1145/1735971.1736041 fatcat:k7pinzusp5eb3azprjjl3w6hym

Embedded TaintTracker: Lightweight Run-Time Tracking of Taint Data against Buffer Overflow Attacks

Yuan-Cheng LAI, Ying-Dar LIN, Fan-Cheng WU, Tze-Yau HUANG, Frank C. LIN
2011 IEICE transactions on information and systems  
A buffer overflow attack occurs when a program writes data outside the allocated memory in an attempt to invade a system.  ...  Approximately forty percent of all software vulnerabilities over the past several years are attributed to buffer overflow. Taint tracking is a novel technique to prevent buffer overflow.  ...  4.7x : Complete : Partial ×: Not supported * Table 2 2 Dynamic buffer overflow detector.  ... 
doi:10.1587/transinf.e94.d.2129 fatcat:esj2toqxifbenmqfzpzjcb4o4i

Convicting exploitable software vulnerabilities: An efficient input provenance based approach

Zhiqiang Lin, Xiangyu Zhang, Dongyan Xu
2008 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN)  
In this paper, we propose a lightweight dynamic approach which generates evidence for various security vulnerabilities in software, with the goal of relieving the manual procedure.  ...  Convicting a suspect and vindicating false positives are mostly a highly demanding manual process, requiring a certain level of understanding of the software.  ...  In this paper, we propose a practical dynamic approach that is intended to use in combination with other static tools.  ... 
doi:10.1109/dsn.2008.4630093 dblp:conf/dsn/LinZX08 fatcat:wpapga7rqbdcjg2bhmmyexkj24
« Previous Showing results 1 — 15 out of 3,077 results