A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Filters
DoubleTake: Fast and Precise Error Detection via Evidence-Based Dynamic Analysis
[article]
2016
arXiv
pre-print
Preserved Fulltext
We demonstrate DoubleTake's generality and efficiency by building dynamic analyses that find buffer overflows, memory use-after-free errors, and memory leaks. ...
We present DoubleTake, a prototype evidence-based dynamic analysis framework. DoubleTake is practical and easy to deploy, requiring neither custom hardware, compiler, nor operating system support. ...
Charlie Curtsinger was supported by a Google PhD Research Fellowship. ...
arXiv:1601.07962v1
fatcat:ljbiukfwffbgraj5px43tfj4rq
Buffer Overflow Detection via Static Analysis: Expectations vs. Reality
Статический анализ для поиска переполнения буфера: актуальные направления развитияалгоритмов
2018
Proceedings of the Institute for System Programming of RAS
Статический анализ для поиска переполнения буфера: актуальные направления развитияалгоритмов
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
Our goal is to use this knowledge to enhance our own buffer overrun detector. ...
Over the last few decades buffer overflow remains one of the main sources of program errors and vulnerabilities. ...
), "dynamic buffer underrun" (39 cases) from the "dynamic memory" type. ...
doi:10.15514/ispras-2018-30(3)-2
fatcat:nk3gcaxlfvcwfebnq6woqjsrpq
Decoupled lifeguards
2010
SIGPLAN notices
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2015; you can also visit the original URL.
The file type is application/pdf.
A Practical Dynamic Buffer Overflow Detector. In Proceedings
of the 11th Annual Network and Distributed System Security Symposium, 2004. ...
Developed CRED, a dynamic buffer overflow detector for C programs. Publicly available as a GCC extension. Presented at NDSS 2004. Computer Architecture, 2008.
MOBICOM 2008 F. Dogar, A. ...
doi:10.1145/1809028.1806600
fatcat:sv2frxhrdzfdxpenteni222rsu
Decoupled lifeguards
2010
Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation - PLDI '10
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2015; you can also visit the original URL.
The file type is application/pdf.
A Practical Dynamic Buffer Overflow Detector. In Proceedings
of the 11th Annual Network and Distributed System Security Symposium, 2004. ...
Developed CRED, a dynamic buffer overflow detector for C programs. Publicly available as a GCC extension. Presented at NDSS 2004. Computer Architecture, 2008.
MOBICOM 2008 F. Dogar, A. ...
doi:10.1145/1806596.1806600
dblp:conf/pldi/RuwaseCGM10
fatcat:aafqkimlvbbq7hkyo5xe7omsyq
Cruiser
2011
SIGPLAN notices
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
We present a concurrent heap buffer overflow detector, CRUISER, in which a concurrent thread is added to the user program to monitor heap integrity, and custom lock-free data structures and algorithms ...
As a case study, software cruising is applied to the heap buffer overflow problem. ...
In this paper, we present Cruiser-a novel dynamic heap buffer overflow detector which does not have those limitations. ...
doi:10.1145/1993316.1993541
fatcat:prz4c6hjbjbdrd6mk3bonb2aam
Cruiser
2011
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation - PLDI '11
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
We present a concurrent heap buffer overflow detector, CRUISER, in which a concurrent thread is added to the user program to monitor heap integrity, and custom lock-free data structures and algorithms ...
As a case study, software cruising is applied to the heap buffer overflow problem. ...
In this paper, we present Cruiser-a novel dynamic heap buffer overflow detector which does not have those limitations. ...
doi:10.1145/1993498.1993541
dblp:conf/pldi/ZengWL11
fatcat:juqbijtbwfg23l64ueduhmfzcm
Cruiser
2012
SIGPLAN notices
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
We present a concurrent heap buffer overflow detector, CRUISER, in which a concurrent thread is added to the user program to monitor heap integrity, and custom lock-free data structures and algorithms ...
As a case study, software cruising is applied to the heap buffer overflow problem. ...
In this paper, we present Cruiser-a novel dynamic heap buffer overflow detector which does not have those limitations. ...
doi:10.1145/2345156.1993541
fatcat:z2yp63w4dbbunems6ttc6mgike
Marple
2008
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering - SIGSOFT '08/FSE-16
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2011; you can also visit the original URL.
The file type is application/pdf.
We first develop a vulnerability model for buffer overflow and then use the model in the development of the demand-driven path-sensitive analyzer. ...
In this paper, we develop a static analyzer for detecting and helping diagnose buffer overflows with the key idea of categorizing program paths as they relate to vulnerability. ...
Bugbench uses a set of dynamic error detectors such as Purify and CCured to detect overflow [16] . ...
doi:10.1145/1453101.1453137
dblp:conf/sigsoft/LeS08
fatcat:un2qhpog6rgafmopn5dg3isbj4
Pinpointing Vulnerabilities
2017
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security - ASIA CCS '17
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
Ravel consists of an online attack detector and an offline vulnerability locator linked by a record & replay mechanism. ...
However, developers still need to locate and fix these vulnerabilities, a mostly manual and time-consuming process. They face a number of challenges. ...
Buffer overflows: a buffer overflow, or a buffer overrun, happens when a program writes more data into a buffer than it can hold, overwriting the adjacent data. ...
doi:10.1145/3052973.3053033
dblp:conf/ccs/ChenKW17
fatcat:u6v47cm4znbbvckzxetz4p5utu
Behave or be watched
2013
Proceedings of the 9th Workshop on Hot Topics in Dependable Systems - HotDep '13
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Dynamic binary translation (DBT) systems provide a powerful facility for building program analysis and debugging tools. ...
We describe four applications developed using our watchpoint framework: detecting buffer overflows, detecting read-before-write and memory freeing bugs, detecting memory leaks and enforcing fine-grained ...
Stack-based overflow detection. To detect stack overflows, we view the memory occupied by the activation frame of an invoked function as a dynamically-sized buffer. ...
doi:10.1145/2524224.2524234
dblp:conf/hotdep/KumarGGB13
fatcat:rrt6rn5m75e3xe4sorbjrrugba
ConMem
2010
SIGARCH Computer Architecture News
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2015; you can also visit the original URL.
The file type is application/pdf.
ConMem detects more tested bugs (8 out of 9 bugs) than a lock-set-based race detector and an unserializable-interleaving detector that detect 4 and 5 bugs respectively, with a false positive rate about ...
We call this pattern concurrency-memory bugs: buggy interleavings directly cause memory bugs (NULL-pointerdereference, dangling-pointer, buffer-overflow, uninitialized-read) on shared memory objects. ...
This research is partially supported by a Claire Boothe Luce faculty fellowship. ...
doi:10.1145/1735970.1736041
fatcat:eznfy4fgxnhtpetvovan6z4bhu
ConMem
2010
Proceedings of the fifteenth edition of ASPLOS on Architectural support for programming languages and operating systems - ASPLOS '10
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2015; you can also visit the original URL.
The file type is application/pdf.
ConMem detects more tested bugs (8 out of 9 bugs) than a lock-set-based race detector and an unserializable-interleaving detector that detect 4 and 5 bugs respectively, with a false positive rate about ...
We call this pattern concurrency-memory bugs: buggy interleavings directly cause memory bugs (NULL-pointerdereference, dangling-pointer, buffer-overflow, uninitialized-read) on shared memory objects. ...
This research is partially supported by a Claire Boothe Luce faculty fellowship. ...
doi:10.1145/1736020.1736041
dblp:conf/asplos/ZhangSL10
fatcat:3msfnlwgavg2faxhyka2jvnv3i
ConMem
2010
SIGPLAN notices
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2015; you can also visit the original URL.
The file type is application/pdf.
ConMem detects more tested bugs (8 out of 9 bugs) than a lock-set-based race detector and an unserializable-interleaving detector that detect 4 and 5 bugs respectively, with a false positive rate about ...
We call this pattern concurrency-memory bugs: buggy interleavings directly cause memory bugs (NULL-pointerdereference, dangling-pointer, buffer-overflow, uninitialized-read) on shared memory objects. ...
This research is partially supported by a Claire Boothe Luce faculty fellowship. ...
doi:10.1145/1735971.1736041
fatcat:k7pinzusp5eb3azprjjl3w6hym
Embedded TaintTracker: Lightweight Run-Time Tracking of Taint Data against Buffer Overflow Attacks
2011
IEICE transactions on information and systems
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
A buffer overflow attack occurs when a program writes data outside the allocated memory in an attempt to invade a system. ...
Approximately forty percent of all software vulnerabilities over the past several years are attributed to buffer overflow. Taint tracking is a novel technique to prevent buffer overflow. ...
4.7x
: Complete : Partial ×: Not supported
*
Table 2 2 Dynamic buffer overflow detector. ...
doi:10.1587/transinf.e94.d.2129
fatcat:esj2toqxifbenmqfzpzjcb4o4i
Convicting exploitable software vulnerabilities: An efficient input provenance based approach
2008
2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN)
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
In this paper, we propose a lightweight dynamic approach which generates evidence for various security vulnerabilities in software, with the goal of relieving the manual procedure. ...
Convicting a suspect and vindicating false positives are mostly a highly demanding manual process, requiring a certain level of understanding of the software. ...
In this paper, we propose a practical dynamic approach that is intended to use in combination with other static tools. ...
doi:10.1109/dsn.2008.4630093
dblp:conf/dsn/LinZX08
fatcat:wpapga7rqbdcjg2bhmmyexkj24
« Previous
Showing results 1 — 15 out of 3,077 results